Detect golang boring crypto and fipsonly modules #2021
wagoodman merged 5 commits into anchore:main from
11dd397 to e878133
|
Thanks for the contribution @bathina2 -- I'm a little hesitant to merge this as-is with a forked repo to add reader functionality (as you've submitted in a PR to the main repo here). We try to avoid forking repositories and just use upstream when we can (there have been a couple cases where the upstream was unresponsive to necessary fixes, etc.). Could we see if your PR gets accepted upstream to |
|
I was hesitant as well. I would have liked to have the reader functionality merged upstream; however, the upstream project hasn't changed much in a while and we don't have a real time frame. My thoughts were that we could get this PR merged in syft and once the |
Signed-off-by: Sirish Bathina <sirish@kasten.io>
Signed-off-by: Sirish Bathina <sirish@kasten.io>
Signed-off-by: Sirish Bathina <sirish@kasten.io>
fb2ea8c to 4cf5adb
|
@bathina2 if you run |
Signed-off-by: Sirish Bathina <sirish@kasten.io>
|
@kzantow is right that we try to keep references to upstreams before forking. That being said, I would be OK with getting the functionality under the fork and then creating an issue for removing the fork and tracking the upstream PR there. |
Signed-off-by: Sirish Bathina <sirish@kasten.io>
|
@wagoodman Thanks for the feedback! I've addressed them. It would be great to get this change into upstream Syft. |
* Extending build info to include crypto settings

Signed-off-by: Sirish Bathina <sirish@kasten.io>

* Use kasten fork for goversion module

Signed-off-by: Sirish Bathina <sirish@kasten.io>

* go mod tidy

Signed-off-by: Sirish Bathina <sirish@kasten.io>

* change key to GoCryptoSettings and lint fix

Signed-off-by: Sirish Bathina <sirish@kasten.io>

* Addressing feedback

Signed-off-by: Sirish Bathina <sirish@kasten.io>

---------

Signed-off-by: Sirish Bathina <sirish@kasten.io>
This PR adds functionality to Syft to derive the crypto settings of a Go executable.
It imports a library that scans the symbols and determines whether an executable contains the boring crypto module as well as the fipsonly module.
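
The symbol-scanning approach described above, as an added example for ELF binaries only; it is not code from this PR or from the library it imports. The marker symbol names are assumptions based on Go's `crypto/internal/boring/sig` package and the cgo wrapper prefix, and `Settings`, `classify` and `scanELF` are hypothetical names.

```go
package main

import (
	"debug/elf"
	"errors"
	"fmt"
	"os"
	"strings"
)

// Assumed marker prefix (Go's crypto/internal/boring/sig), not taken from the PR.
const sig = "crypto/internal/boring/sig."

// Settings records which markers were seen. NoSymbols means the binary is
// stripped, so the absence of markers proves nothing about its crypto backend.
type Settings struct{ Boring, Standard, FIPSOnly, NoSymbols bool }

// classify maps symbol names (constructed, or read from a binary) to Settings.
func classify(names []string) (s Settings) {
	for _, n := range names {
		s.Boring = s.Boring || n == sig+"BoringCrypto" || strings.Contains(n, "_Cfunc__goboringcrypto_")
		s.Standard = s.Standard || n == sig+"StandardCrypto"
		s.FIPSOnly = s.FIPSOnly || n == sig+"FIPSOnly"
	}
	return s
}

// scanELF reads the ELF symbol table at path and classifies it.
func scanELF(path string) (Settings, error) {
	f, err := elf.Open(path)
	if err != nil {
		return Settings{}, err
	}
	defer f.Close()
	syms, err := f.Symbols()
	if errors.Is(err, elf.ErrNoSymbols) {
		return Settings{NoSymbols: true}, nil // stripped: report "unknown", not "standard"
	}
	names := make([]string, len(syms)) // syms is nil when err != nil
	for i := range syms {
		names[i] = syms[i].Name
	}
	return classify(names), err
}

func main() {
	for _, p := range os.Args[1:] {
		s, err := scanELF(p)
		fmt.Printf("%s: %+v err=%v\n", p, s, err)
	}
}
```

A stripped binary yields `NoSymbols: true` rather than a negative result, which matters when the output feeds a FIPS compliance check.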