gopls/internal/vulncheck: skip vuln entries without callstacks

Vulnerability entries that do not have call traces are
considered false-positives by govulncheck.

Change-Id: I50d7fc815723038e904805213cd039a05934a469
Reviewed-on: https://go-review.googlesource.com/c/tools/+/396434
Trust: Hyang-Ah Hana Kim <[email protected]>
Run-TryBot: Hyang-Ah Hana Kim <[email protected]>
gopls-CI: kokoro <[email protected]>
TryBot-Result: Gopher Robot <[email protected]>
Reviewed-by: Jamal Carvalho <[email protected]>

Author: hyangah

gopls/internal/vulncheck/command.go

@@ -121,6 +121,9 @@ func toVulns(pkgs []*packages.Package, callstacks map[*vulncheck.Vuln][]vulnchec
 
 	var vulns []Vuln
 	for v, trace := range callstacks {
+		if len(trace) == 0 {
+			continue
+		}
 		vuln := Vuln{
 			ID:             v.OSV.ID,
 			Details:        v.OSV.Details,