Only set has_vulnerabilities records are ingested

Currently, `IngestReportsService` sets `has_vulnerabilities` 100% of the
time. This does not account for the fact that all security reports could
be empty. This change skips the update if zero vulnerabilities were
ingested.

Changelog: fixed
EE: true