ignore `go.mod` by default

[fuyufjh]

#458 fixed the issue of go.sum, but actually go.mod has a similar problem. It saves indirect dependencies in the second require (...) block, which were generated by go add automatically.

Example:

require (
	github.com/99designs/keyring v1.1.6 // indirect
	github.com/AthenZ/athenz v1.10.39 // indirect
	github.com/DataDog/zstd v1.5.0 // indirect
	github.com/andres-erbsen/clock v0.0.0-20160526145045-9e14626cd129 // indirect
	github.com/apache/pulsar-client-go/oauth2 v0.0.0-20220120090717-25e59572242e // indirect
	github.com/ardielle/ardielle-go v1.5.2 // indirect
	github.com/beorn7/perks v1.0.1 // indirect
	github.com/cespare/xxhash/v2 v2.1.2 // indirect
	...

Today I ran into this problem:

Run crate-ci/typos@v1.13.20
...
$ typos .
Warning: "afe" should be "safe".
error: `afe` should be `safe`
  --> ./integration_tests/datagen/go.mod:40:61
   |
40 |  github.com/gsterjov/go-libsecret v0.0.0-20161001094[7](https://github.com/risingwavelabs/risingwave/actions/runs/4403015548/jobs/7710853514#step:4:8)33-a6f4afe4[9](https://github.com/risingwavelabs/risingwave/actions/runs/4403015548/jobs/7710853514#step:4:10)[10](https://github.com/risingwavelabs/risingwave/actions/runs/4403015548/jobs/7710853514#step:4:11)c // indirect
   |                                                             ^^^
   |

https://github.com/risingwavelabs/risingwave/actions/runs/4403015548/jobs/7710853514

[epage]

Unsure why I didn't catch this until #1363 but this didn't cause us to ignore go.mod but just not categorize it as Go code, so #1365 is reverting this.

#1363 is discussing the hashes in go.mod