add nancy scan to CI build

[bhamail]

Runs nancy to scan for vulnerabilities as part of the CI build.

relates to PR #961 and PR #1066 in that those PR's should fix the build failures (which are due to detected vulnerabilities).

[github-actions]

👋 Thanks for contributing to Viper! You are awesome! 🎉

A maintainer will take a look at your pull request shortly. 👀

In the meantime: We are working on Viper v2 and we would love to hear your thoughts about what you like or don't like about Viper, so we can improve or fix those issues.

⏰ If you have a couple minutes, please take some time and share your thoughts: https://forms.gle/R6faU74qPRPAzchZ9

📣 If you've already given us your feedback, you can still help by spreading the news,
either by sharing the above link or telling people about this on Twitter:

https://twitter.com/sagikazarmark/status/1306904078967074816

Thank you! ❤️

[bhamail]

Ping! Has anybody had a chance to look this over - is adds a nancy scan to the CI build?

I'm wondering if it fell through the cracks due to the CI build failing - but the failures appear to be due to security vulns - so sort of expected tail chasing going on.

Please let me know if there is anything I can do to help move it along.

[sagikazarmark]

It's on my mental todo list, but I'd like to combine it with other tools (like snyk and dependabot). I need some time to figure things out. Till then, we can go with manual updates.

Until we can upgrade to etcd 3.5 (#1115) which will likely only happen in June, we can't do much about dependencies anyway as it pins quite a few dependencies to relatively old versions.