There was a mix of diferent action and Go versions specified throughout the
GitHub Actions workflow configs. In general, we want to be compatible with the
latest Go 1.x version, so just specify that instead of bumping versions
everywhere when necessary.
At the same time, bump the actions/setup-go to v4, the latest currently
available version. This prefers versions already cached on the runner and
enables automatic caching for dependencies.
dependabot adds a link showing the diff of the dependency but when there are
changes in indirect dependencies, these have to be diffed manually. This commit
vendors the dependencies before and after a PR and outputs the diff.
