Geo: Fix verification state transition rules

What does this MR do and why?

This MR does 2 things:

• Allow transition from sync pending or sync failed, to sync failed.
  • Because blocking these transitions is not helpful, and is sometimes harmful
• When registry transitions to sync pending, transition to verification disabled.
  • Leaving the verification state as (started, success, or failed) is non-sensical. Those states only make sense when the registry is "synced". It means we have to ignore the verification state when sync state is pending. So it's clearer to set verification state to pending or disabled when sync state is pending. In particular, this helps to avoid persisting a registry as verification_failed, which is problematic because a lot of code assumes that that registry verification state never occurs. I chose to use verification_disabled because verification_pending caused the registry record to look like a brand new registry record, which would make it impossible for ok_to_skip_download? to distinguish between a brand new registry record (which is ok to skip download when the file already exists) vs one which was transitioned to pending e.g. by clicking Resync (which is NEVER ok to skip download).

Resolves #433182 (closed)

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

How to set up and validate locally

This fixes unusual cases in which the DB is already in a state that violates these rules in the application. We don't have steps to reproduce the problem.