proposal: go.mod: add keyword to override differing import path

[mpldr]

This proposal intends to address the Domain Expiration problem that is inherent to how Go handles package resolution.

The proposed solution is as follows:

• add an override keyword with a syntax similar to replace
  • override expired-domain.com/pkg => github.com/original-author/go-pkg
  • overrides just the location the module is located at
  • version is kept as part of the required section
• $SUMDB and go.sum assume expired-domain.com/pkg to be the import path and check the retrieved code against these known values
• the source code is fetched from the new address by $GOPROXY and GOPROXY=direct connections
• for developers running go get expired-domain.com/pkg@latest the information should still be looked for under the original domain.

override is project-specific and not intended to be a way to handle updating import paths. As such, it should be used with as much moderation and caution as is currently found with replace.

This way, it would also allow enterprises with strict compliance requirements to have a manual vetting process before making updates available (be it through review, or some other mechanism).

[seankhliao]

Either replace already does this (point to new source location, but the retrieved module declares its module path as the old one)
or this is a dup of #26904