
Implement resolver for listing secrets that need to be rotated

Summary

This issue implements the GraphQL resolver needed to fetch secrets requiring rotation for the GitLab Secrets Manager. The resolver will support the frontend banner notification system by identifying secrets approaching their rotation deadline or overdue for rotation, based on the secret_rotation_infos table.

GraphQL Query

Root Query Resolver (consistent with existing projectSecrets query pattern):

query {
  projectSecretsNeedingRotation(projectPath: "test-project") {
    nodes {
      # Uses existing Types::SecretsManagement::ProjectSecretType
      name                    
      description
      environment
      branch
      rotationInfo {            # Nested SecretRotationInfoType
        rotationIntervalDays
        status                  # APPROACHING or OVERDUE
        updatedAt
        createdAt
      }
    }
  }
}

Response Ordering:

  • Overdue secrets first (most urgent)
  • Then approaching secrets (by earliest due date)
  • Frontend can easily separate them by checking node.rotationInfo.status

Implementation Approach

Given that the secret_rotation_infos table may contain orphaned records, we can't query it directly. Instead, we need to fetch the project secrets from OpenBao first and then load the associated rotation info records, similar to the ProjectSecrets::ListService:

  1. New Service: Create SecretsManagement::ProjectSecrets::ListNeedingRotationService
  2. Follow Same Pattern: Use user_client.list_secrets() like ListService does
  3. Filter During Processing: Only process secrets that have rotation info with [:approaching, :overdue] status
  4. Return Ordered List: Return flat array of ProjectSecret objects, ordered by urgency
  5. Batch Load Rotation Info: Use same efficient batch loading pattern as ListService
Edited by Erick Bajao
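
The filtering and ordering steps above, as an added plain-Ruby sketch (not GitLab's code) in which the OpenBao listing drives the loop, so an orphaned secret_rotation_infos row never reaches the result. The Structs, `secrets_needing_rotation`, the due-date rule (`updated_at` plus `rotation_interval_days`) and the 7-day approaching window are assumptions made for illustration.

```ruby
# Hypothetical stand-ins for the real models; field names are assumptions.
ProjectSecret = Struct.new(:name, :rotation_info, :status)
RotationInfo  = Struct.new(:secret_name, :rotation_interval_days, :updated_at)

APPROACHING_WINDOW_DAYS = 7 # assumed threshold, not stated in the issue
DAY = 86_400                # seconds

# Assumption: a secret is due rotation_interval_days after the row's updated_at.
def due_at(info)
  info.updated_at + info.rotation_interval_days * DAY
end

def rotation_status(info, now)
  due = due_at(info)
  return :overdue if due <= now
  return :approaching if due - now <= APPROACHING_WINDOW_DAYS * DAY

  :ok
end

# listed_names:  secret names returned by the OpenBao listing (source of truth).
# rotation_rows: rows batch-loaded from secret_rotation_infos, orphans included.
def secrets_needing_rotation(listed_names, rotation_rows, now: Time.now.utc)
  by_name = rotation_rows.to_h { |row| [row.secret_name, row] } # one lookup, no N+1
  needing = listed_names.filter_map do |name|
    info = by_name[name]   # rows for secrets absent from the listing are never read
    next unless info       # secret exists but has no rotation configured

    status = rotation_status(info, now)
    ProjectSecret.new(name, info, status) if %i[approaching overdue].include?(status)
  end
  # Overdue first, then approaching; earliest due date first within each group.
  needing.sort_by { |s| [s.status == :overdue ? 0 : 1, due_at(s.rotation_info)] }
end

# Constructed sample data.
NOW = Time.utc(2025, 1, 31)
ROWS = [
  RotationInfo.new('DB_PASSWORD', 30, Time.utc(2024, 12, 1)),    # due 2024-12-31
  RotationInfo.new('API_TOKEN', 30, Time.utc(2025, 1, 5)),       # due 2025-02-04
  RotationInfo.new('SIGNING_KEY', 90, Time.utc(2025, 1, 1)),     # due 2025-04-01
  RotationInfo.new('DELETED_SECRET', 30, Time.utc(2024, 11, 1)), # orphaned row
  RotationInfo.new('DEPLOY_KEY', 14, Time.utc(2025, 1, 20))      # due 2025-02-03
].freeze
LISTED = %w[API_TOKEN DB_PASSWORD SIGNING_KEY DEPLOY_KEY NO_ROTATION].freeze
```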