Improve handling of GOPATH

[evqna]

Is your feature request related to a problem? Please describe.
Our current installation process requires users to manually update the gopath and point it to the cache folder if they want to use gosec. This is error prone and complicates deployment.

Describe the solution you'd like
Using the env parameter of child_process.spawn(), we can inject the gopath into spawned gosec processes. This removes the need for additional configuration and gives us more flexibility to handle save paths since every spawned gosec instance could have a different gopath specific to the current PR save location (currently all go source must be in /cache/go/src for this reason). This could allow us to use a more sensible directory layout in the cache and remove the need to have two code branches in all of the file save logic.

Additionally this removes the need to pollute the global namespace.

Describe alternatives you've considered
We could alternatively use the .env file to inject environmental variables in the program.

Additional context
More info: Node JS child process handling

[MVrachev]

Gosec just released version 2.0 which adds support for Go modules.
That should give us the flexibility to work without GOPATH.

[joshuagl]

This is blocked by #227