Advisories for Golang/Github.com/Hashicorp/Go-Slug package

HashiCorp go-slug did not fully protect against Zip Slip attacks while unpacking tar archives, and protections could be bypassed with specific constructions of multiple symlinks.