Hello,

This patch updates Go 1.16 and 1.17 to their latest patch and fixes a security issue with the regexp/syntax package. I've looked at the current patch and I haven't found one for Go.

This is my first contribution to guix and this process is new to me.

I've made the changes in a single patch, because it covers the same CVE, if you prefer I can split them.

Also, I've looked to add support for go 1.18 based on the 1.17 package definition,  at work I've had a few hiccups when upgrading to this new version. What would be the way to test that packages depending on go (or go-build-system) would still build with it ?

Thanks

--