Enable "gosec" linter.
Exclude:
- All G115 (integer overflow) findings, to be fixed separately.
Add targeted gosec annotations for:
- non-crypto math/rand usage
- md5 used only for file change detection
- G114 ("net/http serve with no timeout settings"), to be fixed
separately.
Other findings fixed.
Signed-off-by: Ville Vesilehto <ville@vesilehto.fi>
Add test suite covering thread-safe random number generator with
tests for:
- Constructor with various seed values (positive, zero, negative)
- Deterministic behavior verification with same seeds
- Permutation generation and validation
- Concurrent access safety with multiple goroutines
- Mixed operations under concurrent load
Also clarify package documentation to explicitly state this is
for load balancing and server selection, not cryptographic use.
The math/rand usage is intentional for performance in non-security
contexts like upstream server selection and DNS record shuffling.
Signed-off-by: Ville Vesilehto <ville@vesilehto.fi>
