Allow vulns to be imported without a service

[DJensen94]

Allow vulnerabilities to be added without a service

🗣 Description

If a vuln doesn't have a port associated with it don't attempt to create a service and insert the vuln without the service

💭 Motivation and context

Credential breaches don't link back to a given service, so they were failing to insert.

🧪 Testing

✅ Pre-approval checklist

• [x] This PR has an informative and human-readable title.
• [x] Changes are limited to a single goal - eschew scope creep!
• [x] All future TODOs are captured in issues, which are referenced in code comments.
• [x] All relevant type-of-change labels have been added.
• [x] I have read the CONTRIBUTING document.
• [x] These code changes follow cisagov code standards.
• [x] All relevant repo and/or project documentation has been updated to reflect the changes in this PR.
• [x] Tests have been added and/or modified to cover the changes in this PR.
• [x] All new and existing tests pass.

✅ Pre-merge checklist

• [x] Revert dependencies to default branches.
• [x] Finalize version.

✅ Post-merge checklist

• [x] Create a release.