Description:
Some packages (e.g. k8s.io/apimachinery) put go 1.22.0 in their go.mod file. This propagates to applications using it, which also get go 1.22.0 in go.mod. Setup-go will then find that exact version. I would like a flag, possibly enabled by default, to instead use the latest patch version, as long as it's greater than the one in go.mod.
Justification:
Using 1.22.0 could be a security risk. Before our go.mod was changed to say go1.22.0, setup-go was using 1.22.3; now it's downgraded. We can solve this by manually setting go1.22.3, but we can't set go1.22 since that's considered lower than 1.22.0, so there's no way to say "use latest version" via go.mod right now.
Are you willing to submit a PR?
Yes, possibly, but it will probably take me a while to make it a priority.
Thanks for raising this @perj - this is bang on the same issue I'm seeing.
Would like the option to ignore the "patch" component of a given go VERSION line - and use the latest version (ideally already pre-loaded on a GitHub Actions public runner - avoid the download) and only consider the MAJOR.MINOR components.
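The selection rule requested in this thread, written out as an added example (not code from the issue or from setup-go): read the `go` directive, then pick the highest release in the same MAJOR.MINOR line whose patch level is not below it. The function names `parse` and `latestPatch` and the list of available versions are constructed for illustration.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// parse turns "1.22" or "1.22.3" into numbers (a missing patch counts as 0).
// Pre-releases such as "1.23rc1" do not parse, so they are never selected.
func parse(v string) (out [3]int, ok bool) {
	parts := strings.Split(v, ".")
	for i, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil || n < 0 || i > 2 {
			return out, false
		}
		out[i] = n
	}
	return out, len(parts) >= 2
}

// latestPatch finds the "go" directive in go.mod text and returns the highest
// release in the same major.minor line whose patch is not below the directive's.
func latestPatch(gomod string, available []string) (string, error) {
	for _, line := range strings.Split(gomod, "\n") {
		f := strings.Fields(line)
		if len(f) < 2 || f[0] != "go" {
			continue
		}
		want, ok := parse(f[1])
		best, bestPatch := "", -1
		for _, a := range available {
			v, vok := parse(a)
			if ok && vok && v[0] == want[0] && v[1] == want[1] && v[2] >= want[2] && v[2] > bestPatch {
				best, bestPatch = a, v[2]
			}
		}
		if best == "" { // never fall back to an older or different minor line
			return "", fmt.Errorf("no release satisfies go %s", f[1])
		}
		return best, nil
	}
	return "", fmt.Errorf("no go directive found")
}

func main() {
	avail := []string{"1.21.13", "1.22.0", "1.22.3", "1.23rc1", "1.23.0"} // constructed list
	fmt.Println(latestPatch("module example.com/app\n\ngo 1.22.0\n", avail))
}
```

With this rule a directive of either `go 1.22.0` or `go 1.22` resolves to 1.22.3 from the sample list, and a directive above every available patch fails instead of silently downgrading.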