[20.10] update to Go 1.18.8 to address CVE-2022-41716 #3851

Merged: thaJeztah merged 1 commit into docker:20.10 from thaJeztah:20.10_bump_go_1.18.8 on Nov 15, 2022

Conversation

@thaJeztah (Member) commented Nov 5, 2022

On Windows, syscall.StartProcess and os/exec.Cmd did not properly
check for invalid environment variable values. A malicious
environment variable value could exploit this behavior to set a
value for a different environment variable. For example, the
environment variable string "A=B\x00C=D" set the variables "A=B" and
"C=D".

Thanks to RyotaK (https://twitter.com/ryotkak) for reporting this
issue.

This is CVE-2022-41716 and Go issue https://go.dev/issue/56284.

This Go release also fixes golang/go#56309, a runtime bug which can cause random memory corruption when a goroutine exits with runtime.LockOSThread() set. This fix is necessary to unblock work to replace certain uses of pkg/reexec with unshared OS threads.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
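The description above can be made concrete with an added example; this is not code from this PR, from docker/cli, or from the Go fix itself. It models a NUL-separated environment block to show why "A=B\x00C=D" is read back as two variables, next to a caller-side check that rejects such entries; `buildBlockNaive`, `parseBlock`, `checkEnv` and `ErrNULInEnv` are hypothetical names, and the input is constructed.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// ErrNULInEnv is a hypothetical sentinel error for this example.
var ErrNULInEnv = errors.New("environment entry contains NUL byte")

// buildBlockNaive models an environment block: every entry is terminated
// by NUL and the block ends with one extra NUL. Entries are not validated,
// which is the behaviour the PR description attributes to the unfixed runtime.
func buildBlockNaive(env []string) string {
	var b strings.Builder
	for _, kv := range env {
		b.WriteString(kv)
		b.WriteByte(0)
	}
	b.WriteByte(0)
	return b.String()
}

// parseBlock splits the block the way a consumer reads it: entries are
// separated by NUL and the first empty entry ends the block.
func parseBlock(block string) []string {
	var out []string
	for _, kv := range strings.Split(block, "\x00") {
		if kv == "" {
			break
		}
		out = append(out, kv)
	}
	return out
}

// checkEnv is a caller-side guard (an assumption of this example, not the
// upstream patch): refuse any entry that carries an embedded NUL byte.
func checkEnv(env []string) error {
	for i, kv := range env {
		if strings.IndexByte(kv, 0) >= 0 {
			return fmt.Errorf("entry %d (%q): %w", i, kv, ErrNULInEnv)
		}
	}
	return nil
}

func main() {
	env := []string{"A=B\x00C=D"} // constructed input, taken from the description
	fmt.Printf("%q\n", parseBlock(buildBlockNaive(env)))
	fmt.Println(checkEnv(env))
}
```

A guard like `checkEnv` is still useful in code that forwards user-influenced values into a child process environment and may be built with an older toolchain.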
@codecov-commenter commented

Codecov Report

Merging #3851 (acc3f99) into 20.10 (e814bd0) will not change coverage.
The diff coverage is n/a.

Additional details and impacted files
@@           Coverage Diff           @@
##            20.10    #3851   +/-   ##
=======================================
  Coverage   58.57%   58.57%           
=======================================
  Files         299      299           
  Lines       21457    21457           
=======================================
  Hits        12569    12569           
  Misses       7970     7970           
  Partials      918      918           

@thaJeztah (Member, Author) commented

Let me bring this one in; as we already updated the other repositories

thaJeztah merged commit a9d9bbf into docker:20.10 on Nov 15, 2022
thaJeztah deleted the 20.10_bump_go_1.18.8 branch on November 15, 2022 14:02