patch frontend to use new syfon backend path

[matthewpeterkort]

Summary

This PR is a large Calypr frontend release branch that adds the first full Git-backed project management experience, expands frontend-core API coverage for Gecko/Syfon/Arborist, adds Syfon-backed upload support, and introduces organization/project administration screens.

The main product change is a new /git workflow where users can manage GitHub App-connected repositories, complete pending Calypr project setup, browse Gecko-backed project repositories, manage project access/storage, and upload files through Syfon-backed storage.

Major User-Facing Changes

Git Explorer

Adds a new Git-first product surface:

• /git
• /git/[org]
• /git/[org]/project/[project]
• /git/[org]/project/[project]/blob/[...path]
• /git/[org]/settings

The Git Explorer supports:

• organization/project browsing
• GitHub App connection status
• pending GitHub repo setup completion
• Git repository file browsing
• project repository refresh/upload entry points
• project settings for access and storage management

The global top navigation now treats Git as the primary project-management entry point instead of the older organization/data-lake view.

Pending Project Setup

Adds frontend support for the “GitHub repo connected but Calypr project not created yet” flow.

When a user returns from GitHub App installation/update, the frontend:

• reconciles pending repositories through Gecko
• displays unresolved pending repos on /git
• opens a project completion flow
• collects Calypr org/project metadata
• configures Syfon storage
• creates/updates the Gecko project record

Pending setup is intentionally visible and retryable instead of silently disappearing.

Organization Settings

Adds /git/[org]/settings, an owner/admin-oriented access management page.

The page supports:

• viewing project-level users and buckets
• adding/removing project readers and writers
• adding/removing project owners
• adding/removing organization owners
• editing/deleting bucket associations
• deleting projects with confirmation
• deleting organizations with confirmation

Delete flows are intentionally conservative and require typed confirmation for destructive project/org deletion.

Syfon Upload UI

Adds a new upload feature surface and upload controller logic:

• multipart upload support
• file upload state management
• upload service helpers
• unit tests for upload controller/service/utilities
• route/page wiring for /upload

This is intended to work with the new Syfon backend upload paths rather than legacy Fence data routes.

Organization Explorer Refresh

Adds/updates the older /organization data-lake-oriented view:

• /organization
• /organization/[org]
• /organization/[org]/project/[project]

This remains available as the Syfon/data-lake view, but Git is now the primary project-management UX.

Core API Additions

Gecko Core API

Adds substantial Gecko API support in packages/core/src/features/gecko.

New frontend hooks/types cover:

• Gecko project listing
• Git organization status
• GitHub App connect flows
• pending repository reconciliation
• pending repository listing
• project creation/update/delete
• Git repository browsing
• Git repository refresh/operations

Syfon Core API

Adds substantial Syfon API support in packages/core/src/features/syfon.

New frontend hooks/types cover:

• bucket credential listing/upsert
• bucket scope management
• bucket normalization utilities
• project bucket filtering
• Syfon index APIs
• upload-related API support
• project-level Syfon cleanup/delete support

Arborist/Authz Core API

Adds frontend authz API support for ownership/access-management workflows.

New frontend hooks/types cover:

• authz mapping state
• ownership resource reads
• owner add/remove
• user access grant/revoke
• owned descendant creation
• authz resource deletion

These are used by project setup and organization settings.

Navigation/Auth Changes

This PR includes frontend plumbing changes around:

• top bar navigation
• static nav config normalization
• login menu/panel behavior
• session/user slice behavior
• fetch handling
• sidebar context stability

The goal is to support the new Git-first workflow while avoiding auth/session churn across the new pages.

Sample Commons Wiring

Adds sampleCommons routes/pages for:

• /git
• /git/[org]
• /git/[org]/settings
• /git/[org]/project/[project]
• /git/[org]/project/[project]/blob/[...path]
• /organization
• /organization/[org]
• /organization/[org]/project/[project]
• /upload

Also updates sampleCommons config/build files and icons.

Testing Added

This branch adds or updates tests for:

• Gecko core API behavior
• Syfon API behavior
• Syfon index API behavior
• Syfon normalization utilities
• Upload service
• Upload controller
• Upload utilities
• Git project page behavior
• Git landing page behavior
• Organization landing/project utilities
• Browser utility behavior
• Available images utilities

Backend/API Expectations

This frontend branch expects compatible backend/revproxy support for the new routes.

Required backend surfaces include:

• Gecko Git/project APIs under /gecko/...
• Gecko pending repo APIs
• Arborist ownership/access APIs under /authz/ownership/... and /authz/access/...
• Syfon bucket/upload/project cleanup APIs under /data/...
• Revproxy routes that pass browser-authenticated requests through to Gecko, Arborist, and Syfon correctly

In particular, the settings page depends on Arborist returning ownership/access state for an org/project tree, and uses macro-style access mutation endpoints so the frontend does not need to know whether access came from ownership-managed grants or direct RBAC grants.

Deployment Notes

This branch is not just a visual/frontend-only change. It should be deployed with matching Gecko, Syfon, Arborist, and revproxy changes.

Known required backend alignment:

• Gecko must support GitHub App organization status and pending repo reconciliation.
• Syfon must support the bucket APIs and project cleanup API used by settings/delete flows.
• Arborist must support ownership read/mutation and access mutation macro APIs.
• Revproxy must route /authz/ownership/, /authz/access/, /gecko/, and /data/ correctly.

Validation

Local frontend compile was run successfully:

cd packages/frontend
npm run compile -- --noEmit --incremental false