Add go binary scanning

[another-rex]

Add go binary scanning extractor, and use it in image scanning.

This shows quite a few false positives that can be resolved with call analysis, which will be implemented in a followup PR.

[codecov-commenter]

Codecov Report

Attention: Patch coverage is 84.52381% with 13 lines in your changes missing coverage. Please review.

Project coverage is 65.25%. Comparing base (8fd553a) to head (6d68a3c).

Files	Patch %	Lines
pkg/lockfile/go-binary.go	82.00%	6 Missing and 3 partials ⚠️
internal/image/extractor.go	87.87%	3 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1011      +/-   ##
==========================================
+ Coverage   65.14%   65.25%   +0.11%     
==========================================
  Files         149      150       +1     
  Lines       12338    12401      +63     
==========================================
+ Hits         8037     8092      +55     
- Misses       3849     3855       +6     
- Partials      452      454       +2     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[oliverchang]

Does this incur much performance penalty when scanning a container filesystem?

[another-rex]

This sort of depends on whether the DepFile passed into this extractor has the ReaderAt interface. If it does, then the performance cost is relatively minimal, as it checks the headers to see if it's a relevant file (e.g. has ELF header, various magic bytes, has go debug info...etc) and returns early if it isn't.

[oliverchang]

Ack, I think it's reasonable to expect ReaderAt in most cases.