chore: go1.23.1 golangci lint 1.6.1

[ramonpetgrave64]

Summary

Followup to slsa-framework/slsa-verifier#810

• upgrades to go 1.23.1 and golangci-lint 1.6.1
• makes necessary changes for the linter
  • as of go 1.22, no need to make a copy of the loop variable
  • change non-string use of fmt.Errorf(err) to fmt.Error(err)

Testing Process

unit tests continue to pass, as well as the linter

Checklist

• Review the contributing guidelines
• Add a reference to related issues in the PR description.
• Update documentation if applicable.
• Add unit tests if applicable.
• Add changes to the CHANGELOG if applicable.

[ramonpetgrave64]

@jku @loosebazooka

[jku]

Looks good to me.

The golangci-lint job looks like it should be replaced with golangci/golangci-lint-action but i'm not very familiar with this (and it's not really related to the chore here) so I'm not strongly suggesting it.

[loosebazooka]

Would be nice to address jku's suggestion in a followup sooner rather than later.

[ramonpetgrave64]

@jku @loosebazooka, A while ago @ianlewis and @laurentsimon and I decided it was better to keep it this way, since we get to verify the golangci-lint binary's hash. Their official action I believe still does not verify the binary of the hash, even if downloading directly from their GitHub repo's releases. We should consider updating the slsa-verifier's implementation to verify the binary, however.