Currently, `IngestReportsService` sets `has_vulnerabilities` 100% of the time. This does not account for the fact that all security reports could be empty. This change skips the update if zero vulnerabilities were ingested. Changelog: fixed EE: true
