CGI scripts don't have to run with web server privileges. Nor should they. They should be set-UID to some other user.
I still use FCGI with Go programs. FCGI launches a service process when there's a request, but keeps it alive for a while, for later requests. It can fire up multiple copies of the service process if there's sufficient demand. If there are no requests for a while, the service processes are told to exit. Until you get big enough to need multiple machines and load balancers, that's enough.
Set-UID (by itself, at least) is not a feature to drop privileges. On Linux, you must also use setresuid to set all ID's to the EUID. And then you must hope that you were able to execute setresuid before any vulnerabilities can be triggered.
You should tell your web server to run CGI processes as a different user, instead (f.e. suexec).
I still use FCGI with Go programs. FCGI launches a service process when there's a request, but keeps it alive for a while, for later requests. It can fire up multiple copies of the service process if there's sufficient demand. If there are no requests for a while, the service processes are told to exit. Until you get big enough to need multiple machines and load balancers, that's enough.