fix(sec): upgrade gopkg.in/yaml.v3 to 3.0.0

[Huoxi-any]

What happened？

There are 1 security vulnerabilities found in gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b

• CVE-2022-28948

What did I do？

Upgrade gopkg.in/yaml.v3 from v3.0.0-20210107192922-496545a6307b to 3.0.0 for vulnerability fix

What did you expect to happen？

Ideally, no insecure libs should be used.

The specification of the pull request

PR Specification from OSCS

[sudo-bmitch]

Since this is indirect, we should push upstream to update their dependencies:

$ go mod why gopkg.in/yaml.v3
# gopkg.in/yaml.v3
github.com/opencontainers/image-spec/schema
github.com/xeipuuv/gojsonschema
github.com/xeipuuv/gojsonschema.test
github.com/stretchr/testify/assert
gopkg.in/yaml.v3

It doesn't look like gojsonschema has been touched in a while, so that may be a sign that we should investigate other options.

[thaJeztah]

I think it can be ok to update the version to be ahead of what go modules resolved to, if we have a good reason. Go modules define the minimum compatible version, but SemVer allows for more current (minor/patch) releases to be used. Updating the indirect would allow us to "recommend" / "force" our consumers to follow.