APM Server version (apm-server version):

Description of the problem including expected versus actual behavior:

The apm-server binary in our docker image is showing up with "tampered" vcs information. I'm not sure if that's the reason some security scanner are picking up false positives but this should be fixed anyway

Steps to reproduce:

1. look at apm-server binary in docker image with go version -m
2. observed tampered vcs information

Provide logs (if relevant):