Bump Golang 1.11.3 (CVE-2018-16875)

[thaJeztah]

Follow up to #281 for master; moby/moby master now uses Golang 1.11, so master should probably be on this version

go1.11.3 (released 2018/12/14)

• crypto/x509: CPU denial of service in chain validation crypto/x509: CPU denial of service in chain validation golang/go#29233
• cmd/go: directory traversal in "go get" via curly braces in import paths cmd/go: directory traversal in "go get" via curly braces in import paths golang/go#29231
• cmd/go: remote command execution during "go get -u" cmd/go: remote command execution during "go get -u" golang/go#29230

See the Go 1.11.3 milestone on the issue tracker for details:
https://github.com/golang/go/issues?q=milestone%3AGo1.11.3

[Scukerman]

you have a typo: go1.11.3 <---- (released 2018/12/14)

[thaJeztah]

whoops; fixed the typo 😂

[thaJeztah]

Rebased, now that #281 was merged

@seemethere @andrewhsu PTAL

[seemethere]

We might just need to update this to read for golang:1.11.4 now that that's released.

Currently waiting on docker-library/official-images#5197

[thaJeztah]

@seemethere let's get to 1.11.3 first (which is only the security fix), after that we can bump upstream moby/moby to 1.11.4 (which has quite a few more changes). I'd like to give it a full run of the moby/moby CI to check if there's no regressions