🌱 group Go dependency updates weekly

[spencerschrock]

Some dependencies are excluded because of known issues upgrading them in the past.

What kind of change does this PR introduce?

(Is it a bug fix, feature, docs update, something else?)

• PR title follows the guidelines defined in our pull request documentation

What is the current behavior?

• Every Go dependency update gets its own PR, up to 3 PRs daily (security fix PRs aren't constrained)

What is the new behavior (if this is a feature change)?**

Trying to reduce some of the toil of dependency management. About a third of our commits/PRs are from dependabot, over the last year that ratio grows to about half.

• Most Go dependencies are grouped for updates weekly.

  • removed the 3 PR limit due to this

• Some still get their own PRs (if they've required manual intervention in the past)

• Tests for the changes have been added (for bug fixes/features)

Which issue(s) this PR fixes

Special notes for your reviewer

Does this PR introduce a user-facing change?

For user-facing changes, please add a concise, human-readable release note to
the release-note

(In particular, describe what changes users might need to make in their
application as a result of this pull request.)

NONE

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 68.63%. Comparing base (353ed60) to head (beddef9).
Report is 74 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #4444      +/-   ##
==========================================
+ Coverage   66.80%   68.63%   +1.82%     
==========================================
  Files         230      242      +12     
  Lines       16602    18031    +1429     
==========================================
+ Hits        11091    12375    +1284     
- Misses       4808     4848      +40     
- Partials      703      808     +105     

[justaugustus]

Great cleanup; thanks @spencerschrock!