Update go detection docs

docs/detectors/go.md

@@ -4,31 +4,35 @@
 
 Go detection depends on the following to successfully run:
 
-- Go v1.11+.
+- `go.mod` or `go.sum` files
 
 ## Detection strategy
 
-Go detection is performed by parsing output from executing `go mod graph`.
-Full dependency graph generation is supported if Go v1.11+ is present on the build agent.
-If no Go v1.11+ is present, a fallback detection strategy is performed, dependent on:
-
-- One or more `go.mod` or `go.sum` files.
-
-For the fallback strategy:
-
 Go detection is performed by parsing any `go.mod` or `go.sum` found under the scan directory.
 
 Only root dependency information is generated instead of full graph.
 I.e. tags the top level component or explicit dependency a given transitive dependency was brought by.
 Given a dependency tree A -> B -> C, C's root dependency is A.
 
+### Improved detection accuracy via opt-in
+
+**To enable improved detection accuracy, create an environment variable named `EnableGoCliScan` with any value.**
+
+Improved go detection depends on the following to successfully run:
+
+- Go v1.11+.
+
+Go detection is performed by parsing output from executing `go mod graph`.
+Full dependency graph generation is supported if Go v1.11+ is present on the build agent.
+If no Go v1.11+ is present, fallback detection strategy is performed.
+
+As we validate this opt-in behavior, we will eventually graduate it to the default detection strategy.
+
 ## Known limitations
 
 Dev dependency tagging is not supported.
 
 Go detection will fallback if no Go v1.11+ is present.
-If executing `go mod graph` takes too long (currently if it takes more than 10 seconds), go detection will fall back.
-This can happen if modules are not restored before the scan.
 
 Due to the nature of `go.sum` containing references for all dependencies, including historical, no-longer-needed dependencies; the fallback strategy can result in over detection.
 Executing `go mod tidy` before detection via fallback is encouraged.