Golang x/vuln: govulncheck panics with GOEXPERIMENT=jsonv2

When GOEXPERIMENT has jsonv2 set, govulncheck panics on anything importing encoding/json.

go version
go version go1.25rc2 darwin/arm64

# go version -m $(which govulncheck)
/Users/artyom/go/bin/govulncheck: go1.25rc2 X:greenteagc
    path    golang.org/x/vuln/cmd/govulncheck
    mod golang.org/x/vuln   v1.1.4  h1:Ju8QsuyhX3Hk8ma3CesTbO8vfJD9EvUBgHvkxHBzj0I=
    dep golang.org/x/mod    v0.22.0 h1:D4nJWe9zXqHOmWqj4VMOJhvzj7bEZg4wEYa759z1pH4=
    dep golang.org/x/sync   v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ=
    dep golang.org/x/telemetry  v0.0.0-20240522233618-39ace7a40ae7  h1:FemxDzfMUcK2f3YY4H+05K9CDzbSVr2+q/JKN45pey0=
    dep golang.org/x/tools  v0.29.0 h1:Xx0h3TtM9rzQpQuR4dKLrdglAmCEN5Oi+P74JdhdzXE=
    build   -buildmode=exe
    build   -compiler=gc
    build   -trimpath=true
    build   DefaultGODEBUG=asynctimerchan=1,containermaxprocs=0,decoratemappings=0,gotestjsonbuildtext=1,gotypesalias=1,httpservecontentkeepheaders=1,multipathtcp=0,randseednop=0,rsa1024min=0,tls3des=1,tlsmlkem=0,tlssha1=1,updatemaxprocs=0,winreadlinkvolume=0,winsymlink=0,x509keypairleaf=0,x509negativeserial=1,x509rsacrt=0,x509sha256skid=0,x509usepolicies=0
    build   CGO_ENABLED=1
    build   GOARCH=arm64
    build   GOEXPERIMENT=greenteagc
    build   GOOS=darwin
    build   GOARM64=v8.0

To reproduce:

# cd $(mktemp -d)
# go mod init example.com/pkg
# cat go.mod 
module example.com/pkg

go 1.25rc2

# cat > main.go <<EOF 
package main
import "encoding/json"
func main() { _ = new(json.Encoder) }
EOF

# go env -u GOEXPERIMENT
# govulncheck .
No vulnerabilities found.

# go env -w GOEXPERIMENT=jsonv2
# govulncheck . 2>&1 | head -3
panic: got encoding/json/jsontext.Value, want variadic parameter of unnamed slice or string type

goroutine 533 gp=0x1400060b500 m=9 mp=0x14000580008 [running]:

It doesn't matter whether govulncheck itself is built with GOEXPERIMENT=jsonv2 or without.