Check for remediations nonemptiness

`Vulnerabilities::Finding#raw_metadata` can have a key `remediations`
of value `[null]` which will get serialized to `[nil]` and the passed to
`ee/app/views/vulnerabilities/issue_description.md.erb` which will
satisfy `vulnerability.remediations.present?` check but will fail upon
accessing any keys.

ee/app/views/vulnerabilities/issue_description.md.erb

@@ -42,7 +42,7 @@
 <% end %>
 <% end %>
 
-<% if vulnerability.remediations.present? %>
+<% if vulnerability.remediations.present? && vulnerability.remediations.any? %>
 ### <%= _("Remediations") %>:
 
 <% vulnerability.remediations.each do |remediation| %>

ee/spec/services/ee/issues/create_from_vulnerability_service_spec.rb

@@ -32,6 +32,21 @@ RSpec.describe Issues::CreateFromVulnerabilityService, '#execute' do
   context 'when a vulnerability exists' do
     let(:result) { described_class.new(container: project, current_user: user, params: params).execute }
 
+    context 'when raw_metadata has no remediations' do
+      before do
+        finding = vulnerability.finding
+        metadata = Gitlab::Json.parse(finding.raw_metadata)
+        metadata["remediations"] = [nil]
+        finding.raw_metadata = metadata.to_json
+        finding.save!
+      end
+
+      it 'does not display Remediations section' do
+        expect(vulnerability.remediations).to eq([nil])
+        expect(result[:issue].description).not_to match(/Remediations/)
+      end
+    end
+
     context 'when user does not have permission to create issue' do
       before do
         allow_next_instance_of(described_class) do |instance|