Rooted, quite an easy box actually!
Foothold: check the request and play with it
User: old vulnerability, search for it
Root: Never played with go, but i think its doable with a bit of research. When exploiting binaries what is the most useful thing?! (i think it is the source code )
Pm me if needed (but at least have concrete questions)!