BUG: Handle invalid canonical semver returned by deps.dev

[nieomylnieja]

Some packages have defined an invalid (from Go perspective) version.
Example of that is https://github.com/kat-co/vala.
If we have a following go.mod file:

module test

go 1.21

require (
  github.com/kat-co/vala v0.0.0-20170210184112-42e1d8b61f12
)

Since there's no way to get versions list for a package that does not have any canonical semver, we resort to deps.dev in this scenario.
The site lists 3 versions:

And since the latest there is v1, we currently take it as the latest and query goproxy for it.
This however results in an error since goproxy does not recognize such version.

Correct behavior should be to discard non-canonical version from the results returned by goproxy.