only try to create pr if update operations were performed

[brettfo]

The NuGet create_security_pr handler can get into a weird state if analysis updates a file on disk but no updates were possible.

This is admittedly an edge case, but can happen if a project/props/targets injects targets that MSBuild evaluates that edits a tracked file but then no security update was possible. The result is a non-empty set of files with edits but an empty set of update operations which then causes errors when attempting to generate a PR. A PR is obviously incorrect here so the fix is to not only check the edited file count before creating a PR, but also to check the update operation count.

[Copilot]

Pull request overview

This PR prevents the NuGet create_security_pr update handler from attempting to create a pull request when files were modified on disk but no update operations were actually performed (an edge case that can occur during analysis/MSBuild evaluation).

Changes:

• Gate PR creation on both (a) modified dependency files and (b) at least one update operation being performed.
• Add a regression test ensuring “errant” on-disk file edits with zero update operations do not trigger PR creation.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File	Description
nuget/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/UpdateHandlers/CreateSecurityUpdatePullRequestHandler.cs	Adds an additional guard (updateOperationsPerformed.Count > 0) before creating a PR to avoid invalid PR generation when only file edits occurred.
nuget/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Run/UpdateHandlers/CreateSecurityUpdatePullRequestHandlerTests.cs	Adds a test that simulates a file being touched during analysis while CanUpdate=false, asserting no PR creation occurs.