feat: show rate-limit UI feedback during 429 retry backoff

[danskmt]

Description

When the CLI is rate-limited (HTTP 429), retry backoff previously happened silently, making the CLI look hung. This PR adds user-visible feedback during 429 retry waits and records retry rate-limit events in v2 instrumentation.

During 429 backoff (between attempts):

• RetryMiddleware wraps retry failures in RetryAttemptError and invokes an optional RetryNotifyFunc via backoff.WithNotify.
• networkImpl.handleRetryNotify maps 429 attempts to a catalog TooManyRequestsError (Level: warn, detail: Waiting up to Xs before retry (attempt N/M).) and shows it via OutputError.
• Only 429 is surfaced; other retried status codes (5xx, etc.) do not produce this warn.

Telemetry:

• Per workflow invocation, engineimpl.go wires SetRetryNotify on the cloned network access to call AddError with the catalog 429 warn, which appears in v2 interaction.errors as SNYK-0001.

When 429 retries are exhausted:

• RetryMiddleware still returns the last 429 response with nil error (unchanged).
• Downstream ResponseMiddleware maps 429 to SNYK-0001 (TooManyRequestsError, level error) — covered by an added test in response_test.go; response.go is unchanged.

Plumbing:

• retry_middleware.go: RetryAttemptError, RetryNotifyFunc, optional callback on NewRetryMiddleware, notifyRetry
• networking.go: RetryFeedbackNetworkAccess optional interface, handleRetryNotify, CatalogNotificationFromRetryAttempt, UI + callback wiring on networkImpl
• engineimpl.go: SetUserInterface on network access; per-invocation SetRetryNotify for instrumentation
• pkg/mocks/networking.go: MockRetryFeedbackNetworkAccess
• Tests: TestCatalogNotificationFromRetryAttempt, retry callback/exhaustion tests, 429 mapping in response_test.go

Checklist

• Tests added and all succeed (make test)
• Regenerated mocks, etc. (make generate)
• Linted (make lint)
• Test your changes work for the CLI
  1. Clone / pull the latest CLI main.
  2. Run go get github.com/snyk/go-application-framework@b2a5217339f862aaabf928c17c1429a0cec9b549 in the cliv2 directory.
     • Tip: for local testing, you can uncomment the line near the bottom of the CLI's go.mod to point to your local GAF code.
  3. Run go mod tidy in the cliv2 directory.
  4. Run the CLI tests and do any required manual testing.
  5. Open a PR in the CLI repo now with the go.mod and go.sum changes.
  • Once this PR is merged, repeat these steps pointing at the latest GAF commit on main and update your CLI PR.

CLI PR: snyk/cli#6836

[snyk-io]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues
✅	Licenses	0	0	0	0	0 issues
✅	Code Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[snyk-io]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues
✅	Licenses	0	0	0	0	0 issues
✅	Code Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[snyk-pr-review-bot]

PR Reviewer Guide 🔍

🧪 PR contains tests

🔒 No security concerns identified

⚡ Recommended focus areas for review Breaking Change 🟡 [minor] The signature of NewRetryMiddleware has been changed to return http.RoundTripper instead of *RetryMiddleware. While this is architecturally cleaner, it is a breaking change for any external packages that might have been casting the result or relying on the concrete pointer type. Internal callers have been updated to match the new variadic signature. func NewRetryMiddleware(config configuration.Configuration, logger *zerolog.Logger, roundTripper http.RoundTripper, onRetryNotify ...RetryNotifyFunc) http.RoundTripper {

📚 Repository Context Analyzed This review considered 22 relevant code sections from 15 files (average relevance: 0.99) pkg/networking/middleware/netstack_error_handler.go (lines 1-170) pkg/networking/middleware/response.go (lines 1-164) pkg/networking/middleware/auth_header.go (lines 1-117) pkg/auth/authenticator.go (lines 1-61) pkg/auth/oauth2authenticator.go (lines 1-257) pkg/mocks/userinterface.go (lines 1-177) pkg/local_workflows/connectivity_check_extension/connectivity/checker.go (lines 1-255) ... and 8 more file(s)