fix go.mod to fix CodeQL workflows #5364

Closed
wants to merge 1 commit into from

@jkowall jkowall commented Apr 16, 2024

Correct the issue in CodeQL

image

Checklist

Signed-off-by: Jonah Kowall <jkowall@kowall.net>
@jkowall jkowall requested a review from a team as a code owner April 16, 2024 20:58

codecov bot commented Apr 16, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 95.20%. Comparing base (9073fe3) to head (6825ffd).

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #5364      +/-   ##
==========================================
- Coverage   95.21%   95.20%   -0.02%     
==========================================
  Files         343      343              
  Lines       16777    16777              
==========================================
- Hits        15974    15972       -2     
- Misses        605      606       +1     
- Partials      198      199       +1     
Flag Coverage Δ
badger 10.50% <ø> (ø)
cassandra-3.x 18.43% <ø> (ø)
cassandra-4.x 18.43% <ø> (ø)
elasticsearch-5.x 20.88% <ø> (-0.02%) ⬇️
elasticsearch-6.x 20.89% <ø> (+0.01%) ⬆️
elasticsearch-7.x 20.93% <ø> (-0.02%) ⬇️
elasticsearch-8.x 21.13% <ø> (+0.01%) ⬆️
grpc 14.60% <ø> (ø)
kafka 10.17% <ø> (ø)
opensearch-1.x 20.99% <ø> (+0.01%) ⬆️
opensearch-2.x 20.98% <ø> (-0.02%) ⬇️
unittests 91.74% <ø> (-0.02%) ⬇️


@@ -1,6 +1,6 @@
module github.com/jaegertracing/jaeger

go 1.21
go 1.21.0
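
Review bot: the changed `go` line (`go 1.21` to `go 1.21.0`) is not explained anywhere in the change: the description says only that it corrects a CodeQL issue, without naming the warning or saying why a patch-level value is needed here. Please quote the exact warning text in the commit message and state whether the intent is to raise the module's minimum Go version or to pin the toolchain used for builds. If it is the latter, a separate `toolchain` line or an exact `go-version` in the workflows would express that without touching the `go` directive.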
Member

According to an LLM, specifying a patch version in this directive is not recommended. The directive controls source code compatibility, which is not affected by the patch version.

On that topic, most of our CI workflows are using `go-version: 1.22.x`. It's fine for test-only workflows, but others are used to build final artifacts, and you could argue that not fixing a precise patch version means the builds are not repeatable. That sounds like the issue the security scanner should be flagging, not the go.mod directive.

Member

For reference, all official examples of the go directive use a major.minor version -- https://go.dev/ref/mod#go-mod-file-go

Contributor Author

Seems to be conflicting; as you can see from CodeQL, we are getting a warning for not using the 1.N**.P** part of the toolchain in the file. I guess we can ignore the warning.
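
An added example (not part of this pull request or the Jaeger code base) of the check the review thread above points toward: read the `go` directive from go.mod and list workflow `go-version` values that are not an exact 1.N.P release, since those are what make artifact builds non-repeatable. The sample go.mod and workflow text are constructed, and the function names are hypothetical.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Constructed sample inputs, not the project's real go.mod or workflow files.
const sampleGoMod = "module example.com/demo\n\ngo 1.21\n"
const sampleWorkflow = `steps:
  - uses: actions/setup-go@v5
    with:
      go-version: 1.22.x
  - uses: actions/setup-go@v5
    with:
      go-version: "1.22.2"
`

var (
	goDirective  = regexp.MustCompile(`^go\s+(\S+)$`)
	goVersionKey = regexp.MustCompile(`^\s*go-version:\s*['"]?([^'"\s#]+)`)
	exactRelease = regexp.MustCompile(`^1\.\d+\.\d+$`) // 1.N.P, no wildcard or range
)

// GoDirective returns the version on the go.mod `go` line, or "" if absent.
func GoDirective(gomod string) string {
	for _, line := range strings.Split(gomod, "\n") {
		if m := goDirective.FindStringSubmatch(strings.TrimSpace(line)); m != nil {
			return m[1]
		}
	}
	return ""
}

// FloatingGoVersions lists go-version values that are not an exact 1.N.P release.
func FloatingGoVersions(workflow string) []string {
	var out []string
	for _, line := range strings.Split(workflow, "\n") {
		m := goVersionKey.FindStringSubmatch(line)
		if m != nil && !exactRelease.MatchString(m[1]) {
			out = append(out, m[1])
		}
	}
	return out
}

func main() {
	fmt.Println(GoDirective(sampleGoMod), FloatingGoVersions(sampleWorkflow))
}
```

On the constructed input the directive is reported as `1.21` and only `1.22.x` is flagged; `go-version-file:` keys are deliberately not matched.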

@jkowall jkowall closed this Apr 17, 2024
@jkowall jkowall deleted the fix-go-ver branch April 17, 2024 14:34