
fix: abort repository deletion if upstream webhook deregistration fails #6370

Open
AftAb-25 wants to merge 1 commit into mindersec:main from AftAb-25:fix/6369-webhook-orphan-leak

@AftAb-25
Contributor

Fixes #6369

Description

This fixes a critical resource leak where deleting a repository from Minder could leave a permanently orphaned "zombie" webhook in the user's GitHub repository.

Previously, when a user deleted a repo, deleteRepository in internal/repositories/service.go would attempt to deregister the webhook upstream. If that GitHub API call failed (e.g., due to a temporary network issue, rate limit, or revoked token), the code simply logged the error and blithely continued to delete the repository from the Minder database.

Once deleted from Minder, the user had absolutely no way to retry the deletion, leaving the active webhook permanently installed on their GitHub repo. This webhook would continuously spray ingress traffic against Minder, which would just 404 or sql.ErrNoRows since the repo no longer existed in the database.

Changes

  • Added a fail-fast return to deleteRepository. The DB transaction that wipes the repository is now completely skipped if client.DeregisterEntity fails, allowing users to safely retry the deletion once credentials or upstream connectivity are restored.
  • Updated the two DeleteRepository unit tests that previously baked in the old leak behavior (they expected the DB deletion to succeed even when deregistration failed). These tests now correctly expect an error.

Checklist

  • Code compiles correctly
  • Added tests that fail without the change (if possible)
  • All tests passing
  • Extended the README / documentation, if necessary
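
The ordering this pull request describes, modelled as an added Go example (not Minder's code and not part of the PR). `hookClient`, `deleteRepo`, `orphaned` and `fixture` are hypothetical names, the map stands in for the database, and `failFast=false` reproduces the log-and-continue path for comparison.

```go
package main

import (
	"errors"
	"fmt"
)

// hookClient is a hypothetical stand-in for the upstream provider client.
type hookClient struct {
	hooks map[string]bool // repo -> webhook still installed upstream
	down  bool            // simulates rate limit, network failure or revoked token
}

func (c *hookClient) Deregister(repo string) error {
	if c.down {
		return errors.New("upstream unavailable")
	}
	delete(c.hooks, repo)
	return nil
}

// deleteRepo removes repo from rows (a stand-in for the database).
// failFast=false models log-and-continue; failFast=true models the described fix.
func deleteRepo(c *hookClient, rows map[string]bool, repo string, failFast bool) error {
	if err := c.Deregister(repo); err != nil {
		if failFast {
			return fmt.Errorf("deregister webhook for %s: %w", repo, err)
		}
		fmt.Println("warning:", err) // old path: error logged, deletion proceeds
	}
	delete(rows, repo)
	return nil
}

// orphaned reports a webhook that exists upstream with no local record left.
func orphaned(c *hookClient, rows map[string]bool, repo string) bool {
	return c.hooks[repo] && !rows[repo]
}

// fixture builds constructed sample state: one repo, one webhook, upstream failing.
func fixture() (*hookClient, map[string]bool) {
	return &hookClient{hooks: map[string]bool{"acme/app": true}, down: true}, map[string]bool{"acme/app": true}
}

func main() {
	c, rows := fixture()
	fmt.Println("fail-fast:", deleteRepo(c, rows, "acme/app", true), "| row kept:", rows["acme/app"])
	c.down = false // upstream restored, so the retry can complete
	fmt.Println("retry:", deleteRepo(c, rows, "acme/app", true), "| orphan:", orphaned(c, rows, "acme/app"))
}
```

The `orphaned` predicate (hook present upstream, no local row) is also the condition a periodic reconciliation job would look for to find webhooks left behind before the fix.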

AftAb-25 requested a review from a team as a code owner April 14, 2026 19:42
@coveralls

Coverage Status

coverage: 59.54% (+0.001%) from 59.539% — AftAb-25:fix/6369-webhook-orphan-leak into mindersec:main


Development

Successfully merging this pull request may close these issues.

Bug: Failed repository deletions leave permanent orphaned webhooks in GitHub
