disable gomod in dependabot, add govulncheck workflow

Author: Luit

.github/dependabot.yml

@@ -3,12 +3,6 @@
 
 version: 2
 updates:
-  - package-ecosystem: "gomod"
-    directory: "/" # Location of package manifests
-    schedule:
-      interval: "weekly"
-      day: "sunday"
-      time: "16:00"
   - package-ecosystem: "docker"
     directories:
       - "/"
@@ -24,4 +18,4 @@ updates:
       time: "16:00"
     groups:
       all-actions:
-        patterns: [ "*" ]
+        patterns: ["*"]

.github/workflows/govulncheck.yml

@@ -0,0 +1,16 @@
+on: [push]
+
+jobs:
+  govulncheck:
+    runs-on: ubuntu-latest
+    name: Run govulncheck
+    strategy:
+      matrix:
+        go:
+          - "1.25"
+          - "1.26"
+    steps:
+      - id: govulncheck
+        uses: golang/govulncheck-action@v1
+        with:
+          go-version-input: ${{ matrix.go }}