Hi all,
I am generating an SBOM for a Docker image that contains the deck binary (release v1.36.1). I noticed that tools like Syft cannot detect the correct version of deck.
The command deck --version works fine, but the internal debug.BuildInfo of the Go binary is missing the semantic version. Because of this, vulnerability scanners ignore deck entirely, as they cannot map a pseudo-version to a CVE database.
github.com/Kong/go-diff v1.2.2 go-module
github.com/Kong/gojsondiff v1.3.2 go-module
github.com/kong/deck v0.0.0-20240321105356-920cf1dec549 go-module
github.com/kong/go-apiops v0.1.31 go-module
github.com/kong/go-database-reconciler v1.8.0 go-module
github.com/kong/go-kong v0.51.1-0.20240125175037-0c077f5b9ac7 go-module
github.com/kong/go-slugify v1.0.0 go-module
github.com/kong/kubernetes-ingress-controller/v3 v3.1.2 go-module
github.com/kong/semver/v4 v4.0.1 go-module
$ go version -m deck | grep -E "path|mod" | head -n 2
path github.com/kong/deck
mod github.com/kong/deck (devel) # or v0.0.0-20240321...
Is this behavior correct?
Thanks,
Marcello
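The issue above is that a Go binary's `debug.BuildInfo` can carry a pseudo-version (`v0.0.0-20240321105356-920cf1dec549`) or `(devel)` instead of the tagged release, so SBOM tools and vulnerability scanners have nothing to match against an advisory database. The following is an added example, not code from the deck project or from the issue author: it classifies the main-module version a binary reports about itself via `runtime/debug`, and applies the same check to a module list such as the Syft output quoted above. The regular expressions are my own approximation of Go's release and pseudo-version grammars, and the sample module list is constructed from the versions shown in this issue.

```go
package main

import (
	"fmt"
	"regexp"
	"runtime/debug"
)

// VersionKind classifies a module version string as reported in debug.BuildInfo.
type VersionKind int

const (
	KindUnknown VersionKind = iota
	KindDevel               // "(devel)": built from a checkout with no module version stamped
	KindPseudo              // vX.Y.Z-yyyymmddhhmmss-abcdefabcdef: commit-derived pseudo-version
	KindRelease             // tagged semantic version such as v1.36.1
)

func (k VersionKind) String() string {
	return [...]string{"unknown", "devel", "pseudo-version", "release"}[k]
}

var (
	// Assumed approximation of Go's pseudo-version forms; the distinguishing
	// part is the 14-digit UTC timestamp followed by a 12-hex-digit commit prefix.
	pseudoRe = regexp.MustCompile(`^v\d+\.\d+\.\d+.*[-.]\d{14}-[0-9a-f]{12}$`)
	// Assumed approximation of a tagged semver release (optional pre-release/build suffix).
	releaseRe = regexp.MustCompile(`^v\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$`)
)

// ClassifyVersion decides whether a version string is something a
// vulnerability scanner can map to an advisory database (KindRelease)
// or a placeholder that scanners will skip (KindDevel / KindPseudo).
func ClassifyVersion(v string) VersionKind {
	switch {
	case v == "(devel)":
		return KindDevel
	case pseudoRe.MatchString(v):
		return KindPseudo
	case releaseRe.MatchString(v):
		return KindRelease
	default:
		return KindUnknown
	}
}

// ScannableMain reports whether the binary's own main module carries a
// tagged release version that a scanner can match.
func ScannableMain(bi *debug.BuildInfo) bool {
	return bi != nil && ClassifyVersion(bi.Main.Version) == KindRelease
}

// Unscannable returns the paths of modules whose version is not a tagged
// release; these are the entries a CVE scanner will silently ignore.
func Unscannable(mods []debug.Module) []string {
	var out []string
	for _, m := range mods {
		if ClassifyVersion(m.Version) != KindRelease {
			out = append(out, m.Path+" "+m.Version)
		}
	}
	return out
}

// SampleModules is a constructed list taken from the Syft output quoted in the issue.
var SampleModules = []debug.Module{
	{Path: "github.com/Kong/go-diff", Version: "v1.2.2"},
	{Path: "github.com/kong/deck", Version: "v0.0.0-20240321105356-920cf1dec549"},
	{Path: "github.com/kong/go-kong", Version: "v0.51.1-0.20240125175037-0c077f5b9ac7"},
	{Path: "github.com/kong/semver/v4", Version: "v4.0.1"},
}

func main() {
	// Audit this binary's own build metadata. Under `go run` the main module
	// is usually "(devel)", which is exactly the condition the issue describes.
	if bi, ok := debug.ReadBuildInfo(); ok {
		fmt.Printf("main module %s version %q -> %s (scannable: %v)\n",
			bi.Main.Path, bi.Main.Version, ClassifyVersion(bi.Main.Version), ScannableMain(bi))
	}
	for _, entry := range Unscannable(SampleModules) {
		fmt.Println("scanner will skip:", entry)
	}
}
```

Running this against the quoted module list flags `github.com/kong/deck` and `github.com/kong/go-kong` as unscannable while the tagged `v1.2.2` and `v4.0.1` entries pass; the same check can be run in CI against `go version -m <binary>` output before an image is shipped.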