Add gosec linter (#1342)

This PR adds `gosec` linter with the following checks disabled:

- G102: Bind to all interfaces
- G107: Url provided to HTTP request as taint input
- G112: Potential slowloris attack
- G114: Use of net/http serve function that has no support for setting timeouts
- G204: Audit use of command execution
- G401: Detect the usage of DES, RC4, MD5 or SHA1
- G402: Look for bad TLS connection settings
- G404: Insecure random number source (rand)
- G501: Import blocklist: crypto/md5
- G505: Import blocklist: crypto/sha1

We have complaints related to the checks above. They have to be addressed separately.

management/server/http/policies_handler.go

@@ -290,11 +290,13 @@ func toPolicyResponse(account *server.Account, policy *server.Policy) *api.Polic
 		Enabled:     policy.Enabled,
 	}
 	for _, r := range policy.Rules {
+		rID := r.ID
+		rDescription := r.Description
 		rule := api.PolicyRule{
-			Id:            &r.ID,
+			Id:            &rID,
 			Name:          r.Name,
 			Enabled:       r.Enabled,
-			Description:   &r.Description,
+			Description:   &rDescription,
 			Bidirectional: r.Bidirectional,
 			Protocol:      api.PolicyRuleProtocol(r.Protocol),
 			Action:        api.PolicyRuleAction(r.Action),