I tried running the validator in https://github.com/grafana/plugins-drone-to-gha with grafana/grafana-plugin-sdk-go@v0.250.0 and I got the following errors from osv-scanner:
```
::error title=plugin-validator: Error: osv-scanner detected a high severity issue::SEVERITY: HIGH in package github.com/getkin/kin-openapi, vulnerable to CVE-2025-30153 GO-2025-3533
::error title=plugin-validator: Error: osv-scanner detected high severity issues::osv-scanner detected 1 unique high severity issues for lockfile: /workspace/go.mod
::error title=plugin-validator: Error: osv-scanner detected a high severity issue::SEVERITY: HIGH in package cross-spawn, vulnerable to CVE-2024-21538
::error title=plugin-validator: Error: osv-scanner detected a critical severity issue::SEVERITY: CRITICAL in package form-data, vulnerable to CVE-2025-7783
::error title=plugin-validator: Error: osv-scanner detected a high severity issue::SEVERITY: HIGH in package playwright, vulnerable to CVE-2025-59288
::error title=plugin-validator: Error: osv-scanner detected a high severity issue::SEVERITY: HIGH in package ws, vulnerable to CVE-2024-37890
::error title=plugin-validator: Error: osv-scanner detected critical severity issues::osv-scanner detected 1 unique critical severity issues for lockfile: /workspace/package-lock.json
::error title=plugin-validator: Error: osv-scanner detected high severity issues::osv-scanner detected 3 unique high severity issues for lockfile: /workspace/package-lock.json
```
github.com/getkin/kin-openapi is a dependency of the SDK, not the plugin, but it's still being reported by the validator.
We should exclude Grafana dependencies from osv-scanner, similar to what we do with the JavaScript dependencies:
plugin-validator/pkg/analysis/passes/osvscanner/cache-grafana-packages.go (line 9 in e12fba3):

```go
func IncludedByGrafanaPackage(
```
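The Go-side exclusion proposed above, as an added example that is not the validator's own code: it parses `go mod graph` output (a constructed sample for a hypothetical plugin) and treats a module as Grafana-provided only when every path from the plugin's main module to it passes through a github.com/grafana/ module, so a package the plugin also requires on its own still gets reported. The module names and the function names are assumptions.

```go
package main

import "strings"

// Constructed `go mod graph` output for a hypothetical plugin (not from the page); the first parent is the main module.
const modGraph = `github.com/example/my-plugin github.com/grafana/grafana-plugin-sdk-go@v0.250.0
github.com/example/my-plugin github.com/stretchr/testify@v1.9.0
github.com/grafana/grafana-plugin-sdk-go@v0.250.0 github.com/getkin/kin-openapi@v0.128.0
github.com/getkin/kin-openapi@v0.128.0 github.com/go-openapi/swag@v0.23.0`

// parseGraph strips @version suffixes and builds a parent -> children map.
func parseGraph(graph string) (root string, deps map[string][]string) {
	deps = map[string][]string{}
	for _, line := range strings.Split(strings.TrimSpace(graph), "\n") {
		f := strings.Fields(line)
		if len(f) != 2 {
			continue
		}
		p, c := strings.SplitN(f[0], "@", 2)[0], strings.SplitN(f[1], "@", 2)[0]
		if root == "" {
			root = p
		}
		deps[p] = append(deps[p], c)
	}
	return root, deps
}

// reach returns every module reachable from start; with skipGrafana set,
// github.com/grafana/ modules are not entered, leaving the plugin's own closure.
func reach(start string, deps map[string][]string, skipGrafana bool) map[string]bool {
	seen := map[string]bool{start: true}
	for queue := []string{start}; len(queue) > 0; queue = queue[1:] {
		for _, c := range deps[queue[0]] {
			if skipGrafana && strings.HasPrefix(c, "github.com/grafana/") {
				continue
			}
			if !seen[c] {
				seen[c] = true
				queue = append(queue, c)
			}
		}
	}
	return seen
}

// IncludedOnlyByGrafana is true when pkg enters the build solely through a Grafana
// module; a package the plugin also reaches on its own, or one absent from the graph, is kept.
func IncludedOnlyByGrafana(graph, pkg string) bool {
	root, deps := parseGraph(graph)
	return reach(root, deps, false)[pkg] && !reach(root, deps, true)[pkg]
}
```

A finding from osv-scanner would be dropped only when `IncludedOnlyByGrafana` returns true for its package, so anything the plugin pulls in itself keeps failing validation.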