As the dependabot cannot update the go-yaml automatically,
this PR updates gopkg.in/yaml.v3 to v3.0.0 to fix CVE-2022-28948
(See https://github.com/go-yaml/yaml/issues/666)
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>