go: use go as CVE product for all golang recipe veriants

All golang vulnerabilities are reported under product 'go'.

By default there is no vulnerability reported for images with
golang components because none of used golang packages
have correct CVE product set:
* go-binary-native
* go-runtime
* go-cross-*

(From OE-Core rev: 09f3a27a809bbec9b08c4e4a2b846b68f386c35c)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

meta/recipes-devtools/go/go-binary-native_1.20.1.bb

@@ -16,6 +16,8 @@ SRC_URI[go_linux_ppc64le.sha256sum] = "85cfd4b89b48c94030783b6e9e619e35557862358
 UPSTREAM_CHECK_URI = "https://golang.org/dl/"
 UPSTREAM_CHECK_REGEX = "go(?P<pver>\d+(\.\d+)+)\.linux"
 
+CVE_PRODUCT = "go"
+
 S = "${WORKDIR}/go"
 
 inherit goarch native

meta/recipes-devtools/go/go-common.inc

@@ -19,6 +19,9 @@ S = "${WORKDIR}/go"
 B = "${S}"
 UPSTREAM_CHECK_REGEX = "(?P<pver>\d+(\.\d+)+)\.src\.tar"
 
+# all recipe variants are created from the same product
+CVE_PRODUCT = "go"
+
 INHIBIT_PACKAGE_DEBUG_SPLIT = "1"
 SSTATE_SCAN_CMD = "true"