There's already a command within the golang cli for this:
go list -u
And some wrappers like:
https://github.com/psampaz/go-mod-outdated
Let's build a Gitlab CI include for this, as we've already done for npm and php/composer.
Update: we'll also want to add support for discovering nested go.mod files, like what had been implemented for the deprecated npm audit CI include, even if that isn't a best practice (because it still happens).