
Conversation

Contributor

@mkm29 mkm29 commented Sep 13, 2025

Summary

This PR fixes a nil pointer dereference panic in prescan when processing images that do not contain OS metadata (e.g., distroless or scratch-based images such as quay.io/prometheus/prometheus:v2.48.0).

Problem

Previously, prescan assumed that r.Metadata.OS was always non-nil. When Trivy reports no OS metadata, Helmper panics at runtime: panic: runtime error: invalid memory address or nil pointer dereference

Fix

  • Added a nil check for r.Metadata.OS in prescan.
  • If OS metadata is absent, the image is logged and skipped (added to push), rather than attempting to evaluate unsupported OS or patch logic.

Impact

  • Helmper will now safely handle distroless/scratch images (or images like alpine:latest with 0 OS vulns) and continue processing without crashing.
  • Users will see a warning in logs indicating the image could not be patched, instead of a panic.

Testing

  • Verified by:
    • Built new binary (same flags as in .goreleaser.yaml)
    • Created full helmper.yaml configuration file with prometheus-community chart (5 of the 6 images contain 0 OS vulns).
    • Ran new binary and local Zot OCI registry
  • Helmper now logs the warning and continues pushing charts and images without error.
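The guard described in this PR, shown as an added Go example rather than Helmper's own code: the Report, Metadata and OS types are simplified stand-ins for the Trivy report structures that prescan reads, and prescan, osFamilyUnchecked, ActionPush/ActionPatch and the sample reports are hypothetical names constructed for the example. It contrasts the pre-fix unchecked dereference (which panics on a distroless report) with the nil-checked version that logs a warning and routes the image to the push list.

```go
package main

import (
	"fmt"
	"log"
)

// Simplified stand-ins for the Trivy report structures that prescan reads.
// These are hypothetical types for the example, not the project's real ones.
type OS struct {
	Family string // e.g. "debian", "alpine"
	Name   string // e.g. "12"
}

type Metadata struct {
	// OS is a pointer because Trivy omits it entirely for images with no
	// OS package database (distroless or scratch-based images).
	OS *OS
}

type Report struct {
	ArtifactName string
	Metadata     Metadata
}

// Action is what prescan decides to do with an image.
type Action string

const (
	ActionPatch Action = "patch" // OS known: run OS support / patch logic
	ActionPush  Action = "push"  // no OS metadata: skip patching, push as-is
)

// osFamilyUnchecked reproduces the pre-fix assumption that Metadata.OS is
// always set. Dereferencing the nil pointer is exactly what produced
// "invalid memory address or nil pointer dereference".
func osFamilyUnchecked(r *Report) string {
	return r.Metadata.OS.Family
}

// prescan is the guarded version: it checks Metadata.OS before using it,
// logs a warning, and sends the image to the push list instead of the
// patch logic when no OS metadata is present.
func prescan(r *Report) (Action, error) {
	if r == nil {
		return "", fmt.Errorf("prescan: nil report")
	}
	if r.Metadata.OS == nil {
		log.Printf("warning: %s has no OS metadata (distroless/scratch?); cannot patch, pushing as-is", r.ArtifactName)
		return ActionPush, nil
	}
	// OS metadata present: the real code would evaluate OS support and
	// patch eligibility here; this example only reports the patch route.
	return ActionPatch, nil
}

// panics reports whether f panics, so the unguarded path can be shown
// without crashing the program.
func panics(f func()) (didPanic bool) {
	defer func() {
		if recover() != nil {
			didPanic = true
		}
	}()
	f()
	return false
}

func main() {
	// Constructed sample reports: one with OS metadata, one without.
	debian := &Report{
		ArtifactName: "docker.io/library/debian:12", // constructed sample image
		Metadata:     Metadata{OS: &OS{Family: "debian", Name: "12"}},
	}
	distroless := &Report{ArtifactName: "quay.io/prometheus/prometheus:v2.48.0"}

	fmt.Println("unguarded access panics on distroless:", panics(func() { osFamilyUnchecked(distroless) }))
	for _, r := range []*Report{debian, distroless} {
		action, err := prescan(r)
		fmt.Printf("%s -> %s (err=%v)\n", r.ArtifactName, action, err)
	}
}
```

Keeping the decision in a function that returns an Action (rather than only logging) makes the skip path unit-testable, so a regression of this panic would be caught by a test with a report lacking OS metadata.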

@ChristofferNissen ChristofferNissen merged commit d68801c into ChristofferNissen:main Sep 13, 2025
3 checks passed
@ChristofferNissen
Owner

Thank you for your contribution to Helmper!
