Reconcile created Jira issues
What does this MR do and why?
This MR implements support for Jira's search and reconcile pattern to ensure newly created Jira issues appear immediately in the vulnerability related issues list.
Problem
Jira's /rest/api/3/search/jql endpoint (that we switched to in !206815 (merged)) uses eventual consistency, meaning newly created issues don't appear immediately in search results. When users create a Jira issue from a GitLab vulnerability, the issue sometimes won't show up in the related issues list until the page is refreshed.
Solution
This MR implements the backend changes needed for Atlassian's recommended search and reconcile pattern:
- Automatic reconciliation for vulnerability searches: When searching for issues by vulnerability_ids, the IssuesFinder automatically looks up the related Jira issue keys from the database and passes them to CloudListService as reconcile_issue_ids.
- CloudListService reconciliation: The Jira::Requests::Issues::CloudListService transforms reconcile_issue_ids into the reconcileIssues parameter and includes it in the Jira search API request.
- Transparent to users: The reconciliation happens automatically in the backend without requiring any frontend changes. When users search for issues related to a vulnerability, newly created Jira issues will appear immediately.
The reconcileIssues parameter tells Jira's search endpoint: "I expect these issue IDs to exist, so if they're not in your index yet, please include them anyway."
Implementation Details
- Added jira_issue_keys_for_vulnerabilities class method to Vulnerabilities::ExternalIssueLink model to safely query external issue keys
- Updated IssuesFinder to call this method when searching by vulnerability_ids on Jira Cloud
- Updated CloudListService to accept and use reconcile_issue_ids parameter
- Limited reconciliation to 50 vulnerabilities per request (Jira API limit)
- Only applies to Jira Cloud (not Server)
References
- !206815 (comment 2792137174) (design discussion to split this out)
- #569792 (closed) (original issue)
- #577380 (new issue)
How to set up and validate locally
- In GDK, select a project and configure the Jira integration
- See gdk.test_3000_gitlab-org_gitlab-test_-_settings_integrations_jira_edit for the settings
- If you require Jira Cloud credentials, I'm happy to share mine. Please contact me in Slack.
- If you don't have vulnerabilities in the project, use bundle exec rake gitlab:seed:vulnerabilities to seed some.
- Try to create a Jira issue for a vulnerability. The created issue should appear immediately in the related Jira issues widget.
MR acceptance checklist
Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
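The reconciliation step described above, sketched as an added example that is not part of this MR or GitLab's code base: it turns stored issue references into a reconcileIssues list, drops anything that is not a plain numeric ID, applies the 50-entry cap, and reports expected issues the search still did not return. The module and method names, the JQL string, and the assumption that stored references are numeric Jira issue IDs are all hypothetical.

```ruby
require 'json'

# Hypothetical helper, not GitLab's CloudListService. Assumes the stored
# external issue references are numeric Jira issue IDs.
module ReconcileSearch
  MAX_RECONCILE_IDS = 50 # per-request limit stated in the MR description

  module_function

  # Keep only strictly numeric IDs so values read from the database can
  # never carry extra characters into the search request.
  def normalize_ids(raw_ids)
    Array(raw_ids)
      .map { |id| id.to_s.strip }
      .grep(/\A[1-9]\d*\z/)
      .map(&:to_i)
      .uniq
      .first(MAX_RECONCILE_IDS)
  end

  # Build the JSON body for the search request. The reconcileIssues key is
  # added only for Jira Cloud and only when there is something to reconcile.
  def search_body(jql:, reconcile_issue_ids: [], cloud: true, max_results: 50)
    body = { jql: jql, maxResults: max_results }
    ids = cloud ? normalize_ids(reconcile_issue_ids) : []
    body[:reconcileIssues] = ids unless ids.empty?
    body
  end

  # Compare the IDs we expected with the issues actually returned, so the
  # caller can log or retry a gap instead of silently showing a short list.
  def missing_after_search(expected_ids, returned_issues)
    returned = returned_issues.map { |issue| issue['id'].to_i }
    normalize_ids(expected_ids) - returned
  end
end

# Constructed sample input: references as they might come back from a query.
stored = ['10001', 10002, '10001', 'ABC-7', '10003 OR 1=1', nil]
body = ReconcileSearch.search_body(jql: 'project = SEC', reconcile_issue_ids: stored)
puts JSON.generate(body)
```
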

