make gosec linter pass (#3294)

* not related to linter: remove obsolete constants:
 - `Insecure` and `Secure` and type `Security` are not used anywhere

* not related to linter: update example

 - NewInsecure was deleted; change example to NewRemoteDB

* address: Binds to all network interfaces (gosec):

 - bind to localhost instead of 0.0.0.0
 - regenerate test key and cert for this purpose (was valid for ::) and
 otherwise we would see:
 transport: authentication handshake failed: x509: certificate is
 valid for ::, not 127.0.0.1\"

(used https://github.com/google/keytransparency/blob/master/scripts/gen_server_keys.sh
to regenerate certs)

* use sha256 in tests instead of md5; time difference is negligible

* nolint usage of math/rand in test and add comment on its import

 - crypto/rand is slower and we do not need sth more secure in tests

* enable linter in circle-ci

* another nolint math/rand in test

* replace another occurrence of md5

* consistent comment about importing math/rand

tools/tm-bench/transacter_test.go

@@ -1,7 +1,7 @@
 package main
 
 import (
-	"crypto/md5"
+	"crypto/sha256"
 	"encoding/hex"
 	"encoding/json"
 	"fmt"
@@ -28,7 +28,7 @@ func TestGenerateTxUpdateTxConsistentency(t *testing.T) {
 	}
 
 	for tcIndex, tc := range cases {
-		hostnameHash := md5.Sum([]byte(tc.hostname))
+		hostnameHash := sha256.Sum256([]byte(tc.hostname))
 		// Tx generated from update tx. This is defined outside of the loop, since we have
 		// to a have something initially to update
 		updatedTx := generateTx(tc.connIndex, tc.startingTxNumber, tc.txSize, hostnameHash)
@@ -69,7 +69,7 @@ func BenchmarkIterationOfSendLoop(b *testing.B) {
 	// something too far away to matter
 	endTime := now.Add(time.Hour)
 	txNumber := 0
-	hostnameHash := md5.Sum([]byte{0})
+	hostnameHash := sha256.Sum256([]byte{0})
 	tx := generateTx(connIndex, txNumber, txSize, hostnameHash)
 	txHex := make([]byte, len(tx)*2)
 	hex.Encode(txHex, tx)