Follow-up from "Add Go guidelines to developer docs"

The following discussion from gitlab-ce!24661 should be addressed:

• @fcatteau started a discussion: (+3 comments)

  We should probably have two lists here:

  • the security risks, like "XSS when using text/template"
  • the best practices, like "`Use a Go version without know vulnerabilities"