Conversation

@greed2411
Member

Fixing security vulnerabilities:

  • github.com/hashicorp/go-getter from 1.7.0 to 1.7.4
  • golang.org/x/net from 0.17.0 to anything above 0.23.0
  • google.golang.org/grpc from 1.51.0 to 1.58.3
  • google.golang.org/protobuf from 1.28.1 to 1.33.0
  • from gopkg.in/square/[email protected] to github.com/go-jose/go-jose/[email protected] by upgrading github.com/hashicorp/vault/api from v1.8.2 to v1.14.0

Also upgraded the go.mod file from Go 1.19 to 1.21.

I'm unable to test things; how can we review that these fixes are good enough and make a new release? @vipul-sharma20 / @sreeram-narayanan

Attaching the Trivy vulnerabilities found on the master branch:

```text
go.mod (gomod)
==============
Total: 6 (MEDIUM: 4, HIGH: 1, CRITICAL: 1)
```

trivy_before_fix.txt

Trivy didn't find anything on this new vanta_security_upgrades branch, thus getting rid of 2 vulnerabilities (high + critical).

This is the command used, btw:

```sh
trivy fs ./ --scanners vuln --severity HIGH,CRITICAL,MEDIUM  > trivy_before_fix.txt
```
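One way a reviewer can confirm that the bumps listed above actually landed in the resolved build list, as an added shell example that is not part of this PR: it compares `go list -m all` output against the minimum versions from the description. The two sample graphs are constructed (the post-fix x/net and go-jose versions are illustrative, the old go-jose.v2 version is a placeholder because the PR does not state it), and "above 0.23.0" for x/net is read as >= v0.23.0.

```shell
# Added example, not code from the vcore PR: check that a module graph (the text of
# `go list -m all`, "<module> <version>" per line) meets the PR's minimum versions.
# Needs `sort -V`. Run inside the repository with: check_modules "$(go list -m all)"
# Minimums from the PR description; x/net "above 0.23.0" is read here as >= v0.23.0.
MIN_VERSIONS='github.com/hashicorp/go-getter v1.7.4
golang.org/x/net v0.23.0
google.golang.org/grpc v1.58.3
google.golang.org/protobuf v1.33.0
github.com/hashicorp/vault/api v1.14.0'
# Module the vault/api upgrade is meant to drop from the graph entirely.
FORBIDDEN='gopkg.in/square/go-jose.v2'

# version_ge A B: succeeds when A >= B (sort -V orders dotted versions numerically).
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$2" ]
}

# check_modules GRAPH: prints one line per violation; returns 0 only when there are none.
check_modules() {
    cm_graph=$1
    cm_viol=$(
        printf '%s\n' "$MIN_VERSIONS" | while read -r mod min; do
            have=$(printf '%s\n' "$cm_graph" | awk -v m="$mod" '$1 == m { print $2; exit }')
            if [ -z "$have" ]; then
                echo "MISSING $mod (want >= $min)"
            elif ! version_ge "$have" "$min"; then
                echo "TOO_OLD $mod $have (want >= $min)"
            fi
        done
        for f in $FORBIDDEN; do
            printf '%s\n' "$cm_graph" | awk -v m="$f" '$1 == m { print "FORBIDDEN", m, $2 }'
        done
    )
    [ -z "$cm_viol" ] || printf '%s\n' "$cm_viol"
    [ -z "$cm_viol" ]
}

# Constructed samples standing in for real `go list -m all` output (post-fix versions
# are illustrative; the go-jose.v2 version is a placeholder since the PR omits it).
BEFORE='github.com/hashicorp/go-getter v1.7.0
golang.org/x/net v0.17.0
google.golang.org/grpc v1.51.0
google.golang.org/protobuf v1.28.1
github.com/hashicorp/vault/api v1.8.2
gopkg.in/square/go-jose.v2 v2.0.0-placeholder'
AFTER='github.com/hashicorp/go-getter v1.7.4
golang.org/x/net v0.25.0
google.golang.org/grpc v1.58.3
google.golang.org/protobuf v1.33.0
github.com/hashicorp/vault/api v1.14.0
github.com/go-jose/go-jose/v3 v3.0.3'
```

Because `go list -m all` reports the selected version of every module in the build list, this also catches a vulnerable version that is only pulled in transitively, which a diff of go.mod alone can miss.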

@greed2411
Member Author

A lot of Prometheus libraries have vanished for some reason. Did I do something wrong? Or did someone else not run go mod tidy in the previous commits?

module github.com/skit-ai/vcore

go 1.19
go 1.21
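Review bot: raising the `go` directive from 1.19 to 1.21 in this hunk is a compatibility decision, not just a toolchain bump: from Go 1.21 on the `go` line is enforced as the minimum toolchain version rather than being advisory, so every consumer of github.com/skit-ai/vcore will need Go 1.21 or newer to build. Suggest stating this explicitly in the PR description and confirming the CI Go version before merging; the same consideration applies to the question of going straight to 1.22.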
Contributor

Why not 1.22?

@sreeram-narayanan
Contributor

sreeram-narayanan commented Jun 3, 2024

@greed2411 let's not use JIRA IDs in the commits/MRs here since this is an open-source project and GitHub is not linked to JIRA.

3 participants