    tools: Add ability to filter `govulncheck` output · 51769888
    James Liu authored
    `govulncheck` inspects Go dependencies for known vulnerabilities. We
    invoke it in the `vulnerability` CI job which runs in pipelines on the
    default branch. The job is designed to fail if vulns are detected. This
    is mostly desirable, unless the vuln is related to a dependency that
    the Gitaly team cannot directly update, such as the Go standard library.
    
    In these cases, a failing `vulnerability` job will continue to fail and
    block pipelines until our Go build images are updated, or the job is
    disabled completely (leaving us open to other vulns).
    
    Introduce a filter which receives the human-readable output of the
    `govulncheck` tool, applies an ignore list, and allows the job to pass
    if necessary. An issue template has also been created to track the
    removal of vulns from the ignore list.
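The filter the commit describes, as an added example that is not Gitaly's own tool: it reads govulncheck's text report from stdin, splits it into per-finding blocks, drops every finding whose ID appears in an ignore file, and exits non-zero only if something blocking remains. It assumes each finding starts with a header line of the form `Vulnerability #N: GO-YYYY-NNNN`; the `-ignore` flag, the ignore-file syntax (`GO-YYYY-NNNN # reason`), and the sample report and IDs are all constructed for this example.

```go
// Added example, not Gitaly's own filter: pass govulncheck's text report
// through an ignore list so the CI job fails only on findings the team can
// act on. Assumes each finding begins with "Vulnerability #N: GO-YYYY-NNNN".
package main

import (
	"bufio"
	"flag"
	"fmt"
	"io"
	"os"
	"regexp"
	"strings"
)

// vulnIDRe matches a Go vulnerability database ID such as GO-2023-1840.
var vulnIDRe = regexp.MustCompile(`GO-[0-9]{4}-[0-9]+`)

// sampleReport is a constructed stand-in for govulncheck text output; the
// IDs and descriptions are placeholders, not real database entries.
const sampleReport = `Scanning your code and 250 packages across 30 dependent modules for known vulnerabilities...

Vulnerability #1: GO-2099-0001
    Placeholder: unsafe behaviour in the standard library (constructed)
  More info: https://pkg.go.dev/vuln/GO-2099-0001
  Standard library
    Found in: net/http@go1.21.0
    Fixed in: net/http@go1.21.1
Vulnerability #2: GO-2099-0002
    Placeholder: injection in a third-party module (constructed)
  More info: https://pkg.go.dev/vuln/GO-2099-0002
  Module: example.com/dep
    Found in: example.com/dep@v1.0.0
    Fixed in: example.com/dep@v1.0.1
`

// finding is one vulnerability block from the text report.
type finding struct {
	ID   string // GO-YYYY-NNNN, empty if the header could not be parsed
	Text string // the block verbatim, so it can be re-printed unchanged
}

// splitFindings cuts the report into per-vulnerability blocks. Text before
// the first "Vulnerability #" header (the scan summary) is dropped.
func splitFindings(report string) []finding {
	var out []finding
	for _, line := range strings.Split(report, "\n") {
		if strings.HasPrefix(line, "Vulnerability #") {
			out = append(out, finding{ID: vulnIDRe.FindString(line)})
		}
		if len(out) > 0 {
			out[len(out)-1].Text += line + "\n"
		}
	}
	return out
}

// parseIgnoreList reads "GO-YYYY-NNNN [# reason]" lines into an ID -> reason
// map. Blank and comment-only lines are skipped; anything else that is not
// exactly one vulnerability ID is rejected so a typo cannot silently ignore
// nothing (or everything).
func parseIgnoreList(r io.Reader) (map[string]string, error) {
	ignore := map[string]string{}
	sc := bufio.NewScanner(r)
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		parts := strings.SplitN(line, "#", 2)
		id := strings.TrimSpace(parts[0])
		if id == "" || vulnIDRe.FindString(id) != id {
			return nil, fmt.Errorf("ignore list: malformed entry %q", line)
		}
		reason := ""
		if len(parts) == 2 {
			reason = strings.TrimSpace(parts[1])
		}
		ignore[id] = reason
	}
	return ignore, sc.Err()
}

// filterFindings separates findings that still block the job from those on
// the ignore list. A finding with no parsable ID is never ignored: a CI gate
// should fail closed when its input looks unfamiliar.
func filterFindings(fs []finding, ignore map[string]string) (remaining, ignored []finding) {
	for _, f := range fs {
		if _, ok := ignore[f.ID]; ok && f.ID != "" {
			ignored = append(ignored, f)
			continue
		}
		remaining = append(remaining, f)
	}
	return remaining, ignored
}

func main() {
	ignorePath := flag.String("ignore", "", "ignore list: one GO-YYYY-NNNN per line, optional '# reason'")
	flag.Parse()

	ignore := map[string]string{}
	if *ignorePath != "" {
		f, err := os.Open(*ignorePath)
		if err != nil {
			fmt.Fprintln(os.Stderr, err)
			os.Exit(2)
		}
		defer f.Close()
		if ignore, err = parseIgnoreList(f); err != nil {
			fmt.Fprintln(os.Stderr, err)
			os.Exit(2)
		}
	}
	report, err := io.ReadAll(os.Stdin)
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(2)
	}
	remaining, ignored := filterFindings(splitFindings(string(report)), ignore)
	for _, f := range ignored {
		fmt.Printf("ignored %s: %s\n", f.ID, ignore[f.ID])
	}
	for _, f := range remaining {
		fmt.Print(f.Text)
	}
	if len(remaining) > 0 {
		fmt.Fprintf(os.Stderr, "%d vulnerabilities not on the ignore list\n", len(remaining))
		os.Exit(1)
	}
}
```

Usage in a job would be `govulncheck ./... | go run ./filter -ignore .govulncheck-ignore`, with the pipe's exit status taken from the filter rather than from govulncheck. Scraping the text report is fragile across govulncheck versions; the same ignore logic is more robust over `govulncheck -json`, whose output carries the OSV IDs as structured fields.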