Improve rules in SAST for Go

The merge request on the phpcs-security analyzer makes me think our Go rules are suboptimal. The findings data is minimalist and doesn't really explain what to look for.

The first is a medium severity, for something that needs to be audited only: Screenshot_2019-09-05_16.35.52 I would say the confidence is at best Low in this case, since I imagine this rule will be triggered every time we use exec.Command (hint: we use it a LOT in analyzers).

The second one is more a code quality issue than a security one: Screenshot_2019-09-05_16.37.54

We should improve these rules with better description and guidance for Users.

/cc @julianthome