lockfiles: parse go.mod instead of go.sum
Created by: stefanhengl
This replaces the go.sum parser with a go.mod parser.
Based on our current understanding, with go >= 1.17, go.mod is the source of truth for all direct and indirect dependencies.
The parser parses a go.mod file and returns the list of all required dependencies, honoring the replace and exclude directives.
Reference: https://go.dev/ref/mod
Test Plan
- new unit test
- updated golden tests
- smoke tests with local Sourcegraph instance