Fix go.mod: upgrade to command/v2

What does this MR do?

• Bump command version in go.mod to command/v2.
• Bump report version to 4.1.0.

Prior to this MR, the git tag v2.0.0 was inconsistent with go.mod.

Report v4.1.0 no longer outputs the cve field when it's empty. See report!66 (merged)

What are the relevant issue numbers?

gitlab-org/gitlab#375364 (closed)

Does this MR meet the acceptance criteria?

• Changelog entry added
• Documentation created/updated for GitLab EE, if necessary
• Documentation created/updated for this project, if necessary
• Documentation reviewed by technical writer or follow-up review issue created
• Tests added for this feature/bug
• Job definition updated, if necessary
  • Auto-DevOps template
  • Job definition example
  • CI Templates
• Conforms to the code review guidelines
• Conforms to the Go guidelines
• Security reports checked/validated by reviewer