
fix: restore graph nodes when moduleArtifacts is empty#331

Open
adrobuta wants to merge 5 commits into main from fix/OSM-3549

Conversation

@adrobuta

@adrobuta adrobuta commented Mar 30, 2026

  • Tests written and linted
  • Documentation written
  • Commit history is tidy

What this does

After PR #299 (v5 graph changes), loadGraph / loadSha1MapGraph in lib/init.gradle only created edges and recursed into d.children inside moduleArtifacts.each { ... }. When getModuleArtifacts() returned null or an empty list (common with merged default configurations, some variants, optional edges, substitution chains), the plugin skipped the node entirely and never walked children, so transitive and substituted dependencies disappeared from JSONDEPS / Gradle dep graph even though Gradle still resolved them (e.g. runtimeClasspath / dependencyInsight showed them).
This change adds a fallback path: if there are no module artifacts, emit a single logical group:artifact:jar@version node, setEdge, and recurse d.children, matching the usual default artifact shape. The same idea is applied in loadSha1MapGraph (SHA-1 keyed like the existing no-file/hash fallback).

Notes for the reviewer

How should this be manually tested?

Prerequisites: JDK 17+, network for Maven Central / Snyk API, a Snyk account/token as usual for snyk test.
Link patched plugin into the CLI (adjust paths to your checkout):

```shell
cd /path/to/snyk-gradle-plugin
npm pack   # produces snyk-gradle-plugin-<version>.tgz
cd /path/to/snyk/cli   # or snyk-ls or wherever the CLI resolves the gradle plugin
npm install /path/to/snyk-gradle-plugin/snyk-gradle-plugin-<version>.tgz
```

Or use whatever internal workflow you use to point the CLI at a local snyk-gradle-plugin build.
Run against the repro fixture (from repo root of this plugin, or pass absolute path):

```shell
cd test/fixtures/spring-kafka-lz4-substitution-repro
snyk test --file=build.gradle
```

What to expect (findings / counts)
Dependency count: Scan should report on the order of ~50+ Maven/Groovy dependencies (exact number can shift slightly with CLI/plugin versions; before the fix, org.lz4:lz4-java was often missing from the tested set).
Sanity: Output / dependency list should include org.lz4:lz4-java and org.apache.kafka:kafka-clients; substituted at.yawk.lz4:lz4-java should not appear as the resolved coordinate for the scan.

Screenshots

Visuals that may help the reviewer

Additional questions

@adrobuta adrobuta requested review from a team as code owners March 30, 2026 14:25
@CLAassistant

CLAassistant commented Mar 30, 2026

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution.
0 out of 2 committers have signed the CLA.

❌ JamesPatrickGill
❌ adrobuta

@snyk-io

snyk-io Bot commented Mar 30, 2026

Snyk checks have passed. No issues have been found so far.

| Status | Scan Engine | Critical | High | Medium | Low | Total |
|---|---|---|---|---|---|---|
| passed | Open Source Security | 0 | 0 | 0 | 0 | 0 issues |
| passed | Licenses | 0 | 0 | 0 | 0 | 0 issues |
| passed | Code Security | 0 | 0 | 0 | 0 | 0 issues |


@adrobuta adrobuta force-pushed the fix/OSM-3549 branch 2 times, most recently from 5050968 to 9da1dc1 on March 30, 2026 14:43
After #299, loadGraph/loadSha1MapGraph only processed ResolvedDependency
nodes inside getModuleArtifacts(); empty lists skipped the node and never
walked d.children, dropping transitives (e.g. lz4-java) and BOM-style
nodes under merged configurations. Fall back to a single jar-shaped id and
recurse children when the artifact list is empty.
Add fixture mirroring Spring/Kafka/kafka-clients + yawk→org.lz4 substitution
and a system test that inspect() includes org.lz4:lz4-java in a default scan.
adrobuta and others added 3 commits April 3, 2026 15:54
Merged firstLevelModuleDependencies can produce different ResolvedDependency
instances for the same GAV with different children. Leaving node ids in
currentChain after returning skipped later traversals and dropped transitives.
Use try/finally in loadGraph and loadSha1MapGraph.
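To see how the two changes in this PR (the fallback node when moduleArtifacts is empty, and releasing ids from currentChain in a finally block) interact, here is an added example in TypeScript. It is not the plugin's init.gradle code and not a transcript of the pre-fix Groovy: it is a small model of the loadGraph traversal whose ResolvedDependency / ResolvedArtifact interfaces only borrow Gradle's property names, whose edge map and ids are constructed for illustration, and whose fixture (including its versions) is made up to put both defects on one path. The `Fixes` flags switch each change on or off so the effect of each can be observed; they do not reproduce the exact pre-fix control flow.

```typescript
// Added example, not the plugin's own code: a TypeScript model of the
// loadGraph traversal from lib/init.gradle that runs without Gradle.
// Interfaces borrow Gradle's ResolvedDependency / ResolvedArtifact property
// names; ids, the edge map and the fixture are constructed for illustration.

interface ResolvedArtifact {
  name: string;
  type: string;        // "jar", "pom", ...
  classifier?: string;
}

interface ResolvedDependency {
  moduleGroup: string;
  moduleName: string;
  moduleVersion: string;
  moduleArtifacts: ResolvedArtifact[] | null; // null or [] for BOM-style and substituted nodes
  children: ResolvedDependency[];
}

type Graph = Map<string, Set<string>>;   // parent id -> child ids

export interface Fixes {
  fallbackNode: boolean;  // first change: emit group:name:jar@version when there are no artifacts
  releaseChain: boolean;  // second change: drop the id from currentChain once its subtree returns
}

function artifactId(d: ResolvedDependency, a: ResolvedArtifact): string {
  const classifier = a.classifier ? `:${a.classifier}` : '';
  return `${d.moduleGroup}:${d.moduleName}:${a.type}${classifier}@${d.moduleVersion}`;
}

function setEdge(graph: Graph, parent: string, child: string): void {
  if (!graph.has(parent)) graph.set(parent, new Set());
  if (!graph.has(child)) graph.set(child, new Set());
  graph.get(parent)!.add(child);
}

export function loadGraph(graph: Graph, parentId: string, d: ResolvedDependency,
                          currentChain: Set<string>, fixes: Fixes): void {
  const artifacts = d.moduleArtifacts ?? [];
  let ids = artifacts.map((a) => artifactId(d, a));
  if (ids.length === 0 && fixes.fallbackNode) {
    // Same shape as a default jar artifact, so it merges with a real jar node of the same GAV.
    ids = [`${d.moduleGroup}:${d.moduleName}:jar@${d.moduleVersion}`];
  }
  // Without the fallback, an empty list means no edge and no recursion into d.children.
  for (const id of ids) {
    setEdge(graph, parentId, id);
    if (currentChain.has(id)) continue; // already on the path being walked: keep the edge, do not recurse
    currentChain.add(id);
    try {
      for (const child of d.children) loadGraph(graph, id, child, currentChain, fixes);
    } finally {
      // currentChain is an ancestor set, not a global visited set: a second
      // ResolvedDependency instance of the same GAV with different children
      // must be walked again once this path has unwound.
      if (fixes.releaseChain) currentChain.delete(id);
    }
  }
}

function jar(name: string): ResolvedArtifact { return { name, type: 'jar' }; }

function dep(gav: string, artifacts: ResolvedArtifact[] | null,
             children: ResolvedDependency[] = []): ResolvedDependency {
  const [moduleGroup = '', moduleName = '', moduleVersion = ''] = gav.split(':');
  return { moduleGroup, moduleName, moduleVersion, moduleArtifacts: artifacts, children };
}

// Constructed first-level dependencies in the order a merged configuration
// might hand them over. Versions are illustrative, not the fixture's real ones.
export function constructedFirstLevelDeps(): ResolvedDependency[] {
  // Substituted at.yawk.lz4 -> org.lz4 surfaces here as a node with no module artifacts.
  const lz4 = dep('org.lz4:lz4-java:1.8.0', []);
  const snappy = dep('org.xerial.snappy:snappy-java:1.1.10', [jar('snappy-java')]);
  // Two ResolvedDependency instances for the same kafka-clients GAV with different children.
  const kafkaDirect = dep('org.apache.kafka:kafka-clients:3.7.0', [jar('kafka-clients')], [snappy]);
  const kafkaViaSpring = dep('org.apache.kafka:kafka-clients:3.7.0', [jar('kafka-clients')], [lz4]);
  const springKafka = dep('org.springframework.kafka:spring-kafka:3.2.0', [jar('spring-kafka')], [kafkaViaSpring]);
  return [kafkaDirect, springKafka];
}

// Walks the fixture and returns the sorted group:name pairs that reached the graph,
// which is what a scan's dependency list is built from.
export function resolvedModules(fixes: Fixes): string[] {
  const graph: Graph = new Map();
  const chain = new Set<string>();
  for (const d of constructedFirstLevelDeps()) loadGraph(graph, 'root', d, chain, fixes);
  const modules = new Set<string>();
  for (const id of graph.keys()) {
    if (id === 'root') continue;
    const [group = '', name = ''] = id.split(':');
    modules.add(`${group}:${name}`);
  }
  return [...modules].sort();
}
```

On this fixture `resolvedModules({ fallbackNode: false, releaseChain: false })` omits org.lz4:lz4-java, and so does either flag on its own: without the fallback the lz4-java node has no artifacts and is never emitted, and without releasing currentChain the second kafka-clients instance is treated as a cycle and its children are never visited. Only with both flags set does lz4-java appear next to kafka-clients, snappy-java and spring-kafka.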
3 participants