package/go: security bump to version 1.20.9

Fixes CVE-2023-39323: Line directives ("//line") can be used to bypass the
restrictions on "//go:cgo_" directives, allowing blocked linker and compiler
flags to be passed during compilation.  This can result in unexpected
execution of arbitrary code when running "go build".

go1.20.9 (released 2023-10-05) includes one security fixes to the cmd/go
package, as well as bug fixes to the go command and the linker.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/go/go.hash

@@ -1,3 +1,3 @@
 # From https://go.dev/dl
-sha256  38d71714fa5279f97240451956d8e47e3c1b6a5de7cb84137949d62b5dd3182e  go1.20.8.src.tar.gz
+sha256  4923920381cd71d68b527761afefa523ea18c5831b4795034c827e18b685cdcf  go1.20.9.src.tar.gz
 sha256  2d36597f7117c38b006835ae7f537487207d8ec407aa9d9980794b2030cbc067  LICENSE

package/go/go.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-GO_VERSION = 1.20.8
+GO_VERSION = 1.20.9
 GO_SITE = https://storage.googleapis.com/golang
 GO_SOURCE = go$(GO_VERSION).src.tar.gz