Hello,

This patch updates Go 1.16 and 1.17 to their latest patch and fixes a
security issue with the regexp/syntax package. I've looked at the current
patch and I haven't found one for Go.

This is my first contribution to guix and this process is new to me.

I've made the changes in a single patch, because it covers the same CVE, if
you prefer I can split them.

Also, I've looked to add support for go 1.18 based on the 1.17 package
definition,  at work I've had a few hiccups when upgrading to this new
version. What would be the way to test that packages depending on go (or
go-build-system) would still build with it ?

Thanks

-- 
ph,
http://heykimo.com