Merge command returns invalid SARIF if there are 0 input files.

[harleenkohli]

Multitool "merge" command allows us to pass a collection of sarif files using wildcard. e.g. the following is valid:

sarif merge --pretty-print "$ScanResultsFolder\*.sarif" --recurse --output-folder $MergedLogsFolder --output-file "$MergedFileName"

However, if there is no sarif file in the $ScanResultsFolder, the resulting merged file looks like this:

{
  "$schema": "https://schemastore.azurewebsites.net/schemas/json/sarif-2.1.0-rtm.4.json",
  "version": "2.1.0",
  "runs": null
}

• If this invalid sarif, we should fix it.
• If this is valid sarif, this breaks other things in our ecosystem, e.g. ADO viewer or other sarif commands namely match-results-forward which expect run object - so we should handle this case more appropriately - perhaps throw an exception?

[ghost]

Although runs can have the value null, it is invalid in this case. The spec says (§3.13.4):

The value of runs SHALL be an array with at least one element except in the following circumstances:

• If a SARIF producer finds no data with which to populate runs, then its value SHALL be an
  empty array.

NOTE 1: This would happen if, for example, the log file were the output of a query on a
result management system, and the query did not match any runs stored in the result
management system.

• If a SARIF producer tries to populate runs but fails, then its value SHALL be null.

NOTE 2: This would happen if, for example, the log file were the output of a query on a
result management system, and the query was malformed.

Here we are in the first situation: the "query" ("*.sarif") returned no data. So IMO the right answer is to produce an empty runs array.