Migrate goformation under pkg/ as a local package and remove location re-write

[bryantbiggs]

Description

• Migrate goformation under pkg/ as a local package and remove location re-write
  • This removes the second set of dependencies and treats it as a local package, not a remote module

This is to resolve the reported security findings shown here https://github.com/eksctl-io/eksctl/security/dependabot

This is a repeat of #8153 which was reverted since it was caught up in the changes with the failed build image #8157

The steps used to create this PR are as follows (to better understand due to large number of path re-write changes):

1. Move the goformation directory under pkg/
2. Remove the goformation references from the main go.mod file
3. Remove go.mod and go.sum from pkg/goformation/*
4. Re-write paths for goformation (find ./ -type f -name '*.go' -exec sed -i 's|awslabs/goformation/v4|weaveworks/eksctl/pkg/goformation|g' {} \;)
5. Run go mod tidy
6. Run make build
7. Run make unit-test-no-generate to test

Checklist

• Added tests that cover your change (if possible)
• Added/modified documentation as required (such as the README.md, or the userdocs directory)
• Manually tested
• Made sure the title of the PR is a good description that can go into the release notes
• (Core team) Added labels for change area (e.g. area/nodegroup) and kind (e.g. kind/improvement)

BONUS POINTS checklist: complete for good vibes and maybe prizes?! 🤯

• Backfilled missing tests for code in same general area 🎉
• Refactored something and made the world a better place 🌟

[cheeseandcereal]

These changes largely look good to me. I have 2 asks:

1. Can you move this to a feature branch within this eksctl repository? Then I'll be able to run the integration tests against them to help confirm nothing is broken by this.
2. Can you confirm that go mod verify works too? That's what broke some packaging last time (Vendoring 0.199.0 fails with "goformation/v4 v4.0.0: missing ziphash: open hash: no such file or directory" #8090). I don't see why it wouldn't work, but good to double check.

[bryantbiggs]

yes, the go mod verify still works. let me close and re-open with a branch of this repo and not a fork

[bryantbiggs]

moved to #8219