Pin scanner version in gosec analyzer

Problem to solve

Our gosec analyzer installs the scanner's binary when building the Docker image without specifying a version, so every build fetches whatever the latest release happens to be. A newer gosec could break compatibility with our analyzer (for example by changing its flags or output format), and the build would pick it up silently. It also means two builds of the same analyzer revision can ship different scanner versions, so the image is not reproducible.

We must install a specific version instead, and update it periodically.

Target audience

Developers, various security roles.

Further details

Proposal

Update the analyzer to use one of the scanner's other installation methods that lets us specify a version number (a tagged release rather than the head of the default branch).

What does success look like, and how can we measure that?

The same version of gosec is installed until we bump it manually.
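As an added example covering both the proposal and the success criterion above, and not the analyzer's own Dockerfile or install script: a POSIX shell script that pins the gosec release tag and the SHA-256 digest of its release archive, verifies both before installing, and then checks the version the installed binary reports. The release tag, the archive and member names (goreleaser-style `gosec_<version>_linux_amd64.tar.gz` containing a `gosec` binary), the placeholder digest, the GitHub download URL, and the `Version: X.Y.Z` line in `gosec --version` output are assumptions; `sha256sum` is assumed to be available in the build image.

```shell
#!/bin/sh
# Added example (not the analyzer's own code): install a pinned gosec release.
#
# Unpinned form this replaces (fetches whatever is current at build time):
#   RUN go get github.com/securego/gosec/cmd/gosec
#
# Pinned form: the version and the archive digest are fixed here and only
# change when someone deliberately bumps them.
set -eu

# Assumed release tag; bump this on purpose, never implicitly.
GOSEC_VERSION="${GOSEC_VERSION:-2.0.0}"
# Placeholder digest (assumption): replace with the real SHA-256 of the
# archive for the pinned tag, taken from the release's checksums file.
GOSEC_SHA256="${GOSEC_SHA256:-0000000000000000000000000000000000000000000000000000000000000000}"

# verify_checksum FILE EXPECTED_SHA256
# Returns 0 when FILE's SHA-256 digest equals EXPECTED_SHA256, 1 otherwise.
verify_checksum() {
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    [ "$actual" = "$2" ]
}

# version_matches EXPECTED VERSION_OUTPUT
# Returns 0 when VERSION_OUTPUT (the text printed by `gosec --version`)
# contains a "Version: X.Y.Z" line whose value equals EXPECTED.
# A leading "v" on either side is tolerated. Assumes gosec prints a
# "Version:" line; output without one (e.g. "dev") does not match.
version_matches() {
    expected=${1#v}
    reported=$(printf '%s\n' "$2" | sed -n 's/^Version: *v\{0,1\}//p' | head -n1)
    [ -n "$reported" ] && [ "$reported" = "$expected" ]
}

# install_gosec DESTDIR
# Network step: download the pinned release archive, refuse to install on a
# digest mismatch, extract the binary into DESTDIR, and confirm the installed
# binary reports the pinned version.
install_gosec() {
    dest=$1
    tmp=$(mktemp -d)
    archive="gosec_${GOSEC_VERSION}_linux_amd64.tar.gz"   # assumed archive name
    url="https://github.com/securego/gosec/releases/download/v${GOSEC_VERSION}/${archive}"

    curl -sSfL -o "$tmp/$archive" "$url"
    verify_checksum "$tmp/$archive" "$GOSEC_SHA256" || {
        echo "refusing to install: SHA-256 mismatch for $archive" >&2
        exit 1
    }
    tar -xzf "$tmp/$archive" -C "$tmp" gosec   # assumed member name
    install -m 0755 "$tmp/gosec" "$dest/gosec"
    version_matches "$GOSEC_VERSION" "$("$dest/gosec" --version)" || {
        echo "installed gosec does not report version $GOSEC_VERSION" >&2
        exit 1
    }
    rm -rf "$tmp"
}

# Only perform the download when a destination directory is given, e.g.
#   sh install-gosec.sh /usr/local/bin
if [ "$#" -gt 0 ]; then
    install_gosec "$1"
fi
```

In the Dockerfile this would be invoked as `COPY install-gosec.sh /tmp/` followed by `RUN sh /tmp/install-gosec.sh /usr/local/bin` (assumed layout). Pinning the digest in the script, rather than only trusting the checksums file published next to the archive, means a replaced release asset fails the build instead of being installed; the version check at the end is the measurable success criterion, and a bump of the pinned version is a visible change in the analyzer's history.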

Links / references

Edited Dec 19, 2018 by Olivier Gonzalez