Add 'gosec' to the static-checks

Run static security scanning tool 'gosec' while testing.

URL: https://github.com/securego/gosec
Signed-off-by: Niels de Vos <ndevos@redhat.com>

scripts/gosec.sh

@@ -0,0 +1,9 @@
+#!/bin/bash
+
+set -o pipefail
+
+if [[ -x "$(command -v gosec)" ]]; then
+  find cmd pkg -type d -print0 | xargs --null gosec
+else
+  echo "WARNING: gosec not found, skipping security tests" >&2
+fi