fix: prevent silent abort of webhook payload when a single repo validation fails

[AftAb-25]

Description

This PR patches a massive loop abort vulnerability inside the GitHub App Webhook processor (processInstallationRepositoriesAppEvent) that was causing data starvation and ghost-access leaks.

When an installation_repositories payload arrives from GitHub, it iterates through both addedRepos and removedRepos to synchronize the installation. Previously, if any single repository failed the basic name or ID parsing validation (e.g. an empty name string), the function would instantly return an error.

This broke three major things:

1. It instantly returned a 500 error to GitHub, tricking GitHub into repeatedly retrying the exact same webhook payload, crashing on the exact same bad repo every time.
2. Every subsequent valid repository in the addedRepos batch was completely dropped.
3. Because the abort happened top-down, the loop never even reached event.GetRepositoriesRemoved(). Any repositories the user explicitly revoked access to in that same batch were ignored, causing Minder to inappropriate retain data access tracking indefinitely.

Changes

• Swapped the fatal return nil, err across both the added and removed loops with a graceful zerolog warning and a continue.
• Hardened the repositoryRemoved() signature to proactively validate repo.GetID() != 0 and safely surface errors rather than blinding panicking or injecting zero-values.
• Added explicit unit tests (app_batch_test.go) validating batch resilience when dropping mixed invalid repositories into both the added and removed slices.

Fixes #6359

Checklist

• Code compiles cleanly
• Includes tests for the changes

[coveralls]

coverage: 59.404% (+0.01%) from 59.39% — AftAb-25:fix/6359-webhook-batch-abort into mindersec:main