security/osv-scanner: Pin Go version to 1.19
Numerous packages currently do not support Go 1.20 yet,
and fail with the following:
version "go1.19.5" does not match go tool version "go1.20"
For now, pin the Go version used to 1.19, until upstream
supports 1.20.