cmd/govulncheck: add test exhibiting multiple reported symbols per OSV

This makes it clear that we show a call stack per detected symbol in
default mode.

Change-Id: I81ae1f9494524752b6492cc20a328e0075f9fbae
Reviewed-on: https://go-review.googlesource.com/c/vuln/+/443515
Run-TryBot: Zvonimir Pavlinovic <[email protected]>
TryBot-Result: Gopher Robot <[email protected]>
Reviewed-by: Jonathan Amsterdam <[email protected]>

Author: softdev050

cmd/govulncheck/testdata/default.ct

@@ -7,7 +7,7 @@ govulncheck is an experimental tool. Share feedback at https://go.dev/s/govulnch
 Scanning for dependencies with known vulnerabilities...
 No vulnerabilities found.
 
-$ govulncheck -dir ${moddir}/vuln . --> FAIL 3
+$ govulncheck -tags=twocallstacks -dir ${moddir}/vuln . --> FAIL 3
 govulncheck is an experimental tool. Share feedback at https://go.dev/s/govulncheck-feedback.
 
 Scanning for dependencies with known vulnerabilities...
@@ -21,6 +21,7 @@ Vulnerability #1: GO-2021-0113
 
   Call stacks in your code:
       .../vuln.go:12:16: golang.org/vuln.main calls golang.org/x/text/language.Parse
+      .../vuln_extra.go:8:30: golang.org/vuln.init#1 calls golang.org/x/text/language.ParseAcceptLanguage
 
   Found in: golang.org/x/text/[email protected]
   Fixed in: golang.org/x/text/[email protected]

cmd/govulncheck/testdata/modules/vuln/vuln_extra.go

@@ -0,0 +1,9 @@
+//go:build twocallstacks
+
+package main
+
+import "golang.org/x/text/language"
+
+func init() {
+	language.ParseAcceptLanguage("")
+}