Fix go modules error in package details fetcher due to subpath issue

[AbhishekBhaskar]

What are you trying to accomplish?

Fixes #15027

Go-based pre-commit additional_dependencies that use sub-package paths (e.g., github.com/wasilibs/go-shellcheck/cmd/shellcheck@v0.10.0) fail to find newer versions. The PackageDetailsFetcher passes the full package path to go list -m -versions -json, but this command expects a module path, not a package path. The Go proxy returns 404 for the sub-package path, causing Dependabot to incorrectly report the current version as the latest.

This change adds a fallback mechanism: when no versions are found for the full path, progressively shorter paths are tried (e.g., github.com/wasilibs/go-shellcheck/cmd → github.com/wasilibs/go-shellcheck) until the actual module root is found.

Anything you want to highlight for special attention from reviewers?

• The fallback only triggers when the initial query returns no versions (nil), so existing behavior for valid module paths is unchanged.
• The minimum path length is 3 segments (e.g., github.com/owner/repo), which is the standard for well-known hosts. This prevents unnecessary queries for paths that can't be valid Go modules.

How will you know you've accomplished your goal?

• If the correct latest available version for the dependency is fetched even when the subpath is specified
• Added unit tests for: sub-package path falling back to module root, direct module path working without fallback, and graceful degradation when no path returns versions.
• All 8 tests in package_details_fetcher_spec.rb pass.

Checklist

• I have run the complete test suite to ensure all tests and linters pass.
• I have thoroughly tested my code changes to ensure they work as expected, including adding additional tests for new functionality.
• I have written clear and descriptive commit messages.
• I have provided a detailed description of the changes in the pull request, including the problem it addresses, how it fixes the problem, and any relevant details about the implementation.
• I have ensured that the code is well-documented and easy to understand.

[Copilot]

Pull request overview

Fixes Go Modules PackageDetailsFetcher behavior for dependencies specified as sub-package import paths (e.g., .../cmd/tool), by attempting to resolve available versions from progressively shorter paths when the initial go list -m -versions query yields no versions.

Changes:

• Refactors version retrieval into fetch_module_versions and introduces resolve_module_versions_from_subpath fallback logic.
• Adds specs covering sub-package fallback, module-root behavior, and the “no versions anywhere” case.

Show a summary per file

File	Description
go_modules/lib/dependabot/go_modules/package/package_details_fetcher.rb	Adds version-fetch helper and subpath-to-module-root fallback logic.
go_modules/spec/dependabot/go_modules/package/package_details_fetcher_spec.rb	Adds unit tests for the new fallback behavior and edge cases.

Copilot's findings

• Files reviewed: 2/2 changed files
• Comments generated: 3

[albertoblue87-netizen]

Done