Closed georgibaltiev closed 1 month ago
This PR proposes changes that would break the pipeline definition:
diki-update-dependencies-and-enable-gosec: Traceback (most recent call last):
File "/usr/lib/python3.12/site-packages/concourse/replicator.py", line 141, in render
definition_descriptor = self._render(definition_descriptor)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.12/site-packages/concourse/replicator.py", line 185, in _render
'definition': factory.create_pipeline_definition(),
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.12/site-packages/concourse/factory.py", line 88, in create_pipeline_definition
self._apply_traits(variant)
File "/usr/lib/python3.12/site-packages/concourse/factory.py", line 177, in _apply_traits
transformer.process_pipeline_args(pipeline_def)
File "/usr/lib/python3.12/site-packages/concourse/model/traits/release.py", line 505, in process_pipeline_args
raise ValueError(f'{asset=}\'s step_name refers to an absent build-step')
ValueError: asset=BuildstepLogAsset(ocm_labels=[{'name': 'gardener.cloud/purposes', 'value': ['lint', 'sast', 'gosec']}, {'name': 'gardener.cloud/comment', 'value': 'We use gosec (linter) for SAST scans, see: https://github.com/securego/gosec.\nEnabled by https://github.com/gardener/diki/issues/331\n'}], type='build-step-log', name='verify-build-step-log', step_name='verify', artefact_type='application/data', artefact_extra_id={}, purposes=['lint', 'sast', 'gosec'], comment='We use gosec (linter) for SAST scans, see: https://github.com/securego/gosec.\nEnabled by https://github.com/gardener/diki/issues/331\n')'s step_name refers to an absent build-step
/lgtm
This PR proposes changes that would break the pipeline definition:
diki-update-dependencies-and-enable-gosec: Traceback (most recent call last):
File "/usr/lib/python3.12/site-packages/concourse/replicator.py", line 141, in render
definition_descriptor = self._render(definition_descriptor)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.12/site-packages/concourse/replicator.py", line 185, in _render
'definition': factory.create_pipeline_definition(),
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.12/site-packages/concourse/factory.py", line 88, in create_pipeline_definition
self._apply_traits(variant)
File "/usr/lib/python3.12/site-packages/concourse/factory.py", line 177, in _apply_traits
transformer.process_pipeline_args(pipeline_def)
File "/usr/lib/python3.12/site-packages/concourse/model/traits/release.py", line 505, in process_pipeline_args
raise ValueError(f'{asset=}\'s step_name refers to an absent build-step')
ValueError: asset=BuildstepLogAsset(ocm_labels=[{'name': 'gardener.cloud/purposes', 'value': ['lint', 'sast', 'gosec']}, {'name': 'gardener.cloud/comment', 'value': 'We use gosec (linter) for SAST scans, see: https://github.com/securego/gosec.\nEnabled by https://github.com/gardener/diki/pull/333\n'}], type='build-step-log', name='verify-build-step-log', step_name='verify', artefact_type='application/data', artefact_extra_id={}, purposes=['lint', 'sast', 'gosec'], comment='We use gosec (linter) for SAST scans, see: https://github.com/securego/gosec.\nEnabled by https://github.com/gardener/diki/pull/333\n')'s step_name refers to an absent build-step
What this PR does / why we need it: Enable gosec for SAST scans
Which issue(s) this PR fixes: Fixes #331
Special notes for your reviewer: gosec changes are influenced by https://github.com/gardener/gardener-extension-shoot-oidc-service/pull/248
Release note: