Upgrade github.com/go-kit/kit package to fix CVE-2022-24450 vulnerability

[A7103]

Now beego used github.com/go-kit/kit v0.10.0 version is contained a vulnerabilities CVE-2022-24450
This PR is to upgrade github.com/go-kit/kit package to the newest version to fix it.

NOTE:
github.com/go-kit/kit's last release version v0.12.0 still contains the vulnerability, but the master branch has fixed it (go-kit/kit#1237), so I use go get -v -u github.com/go-kit/kit@master command to upgrade it. (The v0.12.0 is released in 2021)

[sonarcloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
No Duplication information

[PlexPt]

Thanks for creating this pull request! I definitely see the value in having this feature and can understand why you would need it as well. Let's see if we can get some feedback from the rest of the team and work towards getting this implemented. Great work!

[PlexPt]

Dear A7103,

Thank you so much for creating this pull request to upgrade the github.com/go-kit/kit package. Your efforts to address the vulnerabilities in the previous version are greatly appreciated. We are grateful for your hard work and dedication to improving the security of our project.

Thank you again for your contribution!

[codecov-commenter]

Codecov Report

Merging #5121 (ef09d4b) into develop (f5d84df) will decrease coverage by 0.06%.
The diff coverage is n/a.

@@             Coverage Diff             @@
##           develop    #5121      +/-   ##
===========================================
- Coverage    54.83%   54.76%   -0.07%     
===========================================
  Files          246      246              
  Lines        21896    21896              
===========================================
- Hits         12006    11991      -15     
- Misses        8938     8949      +11     
- Partials       952      956       +4     

Impacted Files	Coverage Δ
client/httplib/filter/prometheus/filter.go	62.50% <0.00%> (-37.50%)	⬇️
server/web/session/sess_mem.go	31.68% <0.00%> (-1.00%)	⬇️
core/logs/file.go	66.07% <0.00%> (-0.90%)	⬇️

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

[A7103]

@flycash This is a Critical severity level vulnerability, If your review pass, I think a new release version should be released as soon as possible (maybe v2.0.7?)

[flycash]

done. And if you remember, can help to raise a new MR to upgrade the version to stable version.

[flycash]

I mean, the kit version

[A7103]

@flycash Thank you!

And if you remember, can help to raise a new MR to upgrade the version to stable version.

I tried it before, but I found someone asked the author for a similar question in go-kit/kit#843 (comment) , It seems that he/she is reluctant to release a new version but wants to let the downstream control itself

[A7103]

Another possibility of the author does not release a new version is go-kit/kit#1223 , but it still causes vulnerability warnings for projects that depend on beego, so I think it is still necessary to upgrade it