fix(ci): bypass Go module proxy in submodule dependency workflow (#181)

The update-submodule-dependencies workflow runs immediately on push to
main, but `go get @main` through proxy.golang.org resolves to the
latest cached tagged version (v1.20.0) instead of the just-pushed
commit. This caused failures when new packages (graph, oq) were added
but not yet indexed by the proxy.

Setting GOPROXY=direct fetches directly from GitHub, ensuring @main
resolves to the actual branch tip.

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

Author: vishalg0wda

.github/workflows/update-submodule-dependencies.yaml

@@ -18,6 +18,8 @@ jobs:
   update-dependencies:
     name: Update submodule dependencies
     runs-on: ubuntu-latest
+    env:
+      GOPROXY: direct
     steps:
       - uses: actions/checkout@v6