fix: use O(n) map lookups to associate credentials with consumers #7889

Open
Abhicodeitout wants to merge 1 commit into Kong:main from Abhicodeitout:bug-fix

@Abhicodeitout Abhicodeitout commented Apr 14, 2026

KongRawStateToKongState previously used O(n²) nested loops to match credential records to their consumers. With large consumer counts (e.g. 6,912 KongConsumers each with a JWT credential) this produced ~48M comparisons and caused the last-valid-config fallback to time out, resulting in an empty/partial config being pushed to Kong and causing JWT auth failures ('401 Invalid Signature').

Fix by pre-building consumer-ID-keyed maps for all 7 credential types before the consumer loop, then replacing the inner scans with O(1) map lookups.

Fixes #7128

What this PR does / why we need it

This PR eliminates a critical performance bottleneck in the Kong configuration reconciliation pipeline. The KongRawStateToKongState function is responsible for converting raw Kong state (from the Kong Admin API) to the internal KongState representation used by the KIC.

In deployments with thousands of consumers and credentials, the previous O(n²) algorithm caused:

  • Timeouts in configuration synchronization (last-valid-config fallback triggered)
  • Empty/partial configurations pushed to Kong dataplane
  • Authentication failures for users with JWT and other credential types (401 Invalid Signature errors)

The fix maintains backward compatibility while dramatically improving performance by:

  • Pre-building 7 consumer-ID-indexed lookup maps (one for each credential type: KeyAuth, HMACAuth, JWTAuth, BasicAuth, ACLGroup, Oauth2Credential, MTLSAuth)
  • Replacing inner scan loops with O(1) map lookups during the consumer loop
  • Total operations: O(n) instead of O(n²), reducing a 6,912-consumer scenario from ~48M comparisons to ~7K lookups

Which issue this PR fixes

Fixes #7128 - Configuration reconciliation timeouts causing JWT auth failures in large-scale deployments

Special notes for your reviewer

Performance Impact:

  • Tested scenario: 6,912 consumers, each with 1 JWT credential
  • Previous implementation: ~48M comparisons, timeout (last-valid-config fallback)
  • New implementation: ~7K O(1) lookups, completes instantly

Testing:

  • All existing unit tests pass (particularly TestKongRawStateToKongState validates credential association correctness)
  • No behavioral changes, only algorithmic optimization
  • CHANGELOG.md has been updated with detailed release notes

Implementation Details:

  • 7 credential-type-specific maps are built sequentially before the consumer loop to maintain deterministic order
  • Early exit for consumers with nil IDs prevents unnecessary lookups
  • sanitizeAuth() calls remain in the pre-building phase as originally designed
  • Changes are isolated to the credential association logic in KongRawStateToKongState

PR Readiness Checklist

Complete these before marking the PR as ready to review:

  • the CHANGELOG.md release notes have been updated to reflect any significant (and particularly user-facing) changes introduced by this PR

KongRawStateToKongState previously used O(n²) nested loops to match
credential records to their consumers. With large consumer counts
(e.g. 6,912 KongConsumers each with a JWT credential) this produced
~48M comparisons and caused the last-valid-config fallback to time out,
resulting in an empty/partial config being pushed to Kong and causing
JWT auth failures ('401 Invalid Signature').

Fix by pre-building consumer-ID-keyed maps for all 7 credential types
before the consumer loop, then replacing the inner scans with O(1)
map lookups.

Fixes Kong#7128

Signed-off-by: Abhishek Kumar Kushwaha <abhithegabbar@gmail.com>
@Abhicodeitout Abhicodeitout requested a review from a team as a code owner April 14, 2026 13:01
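
The association change described in the PR, reduced to one credential type, as an added example (not the code from this PR or from KIC). The `Consumer` and `JWTCred` types and both function names are hypothetical stand-ins, and the sample data is constructed.

```go
package main

import "fmt"

// Stand-in record shapes, assumed for this example (not KIC's or go-kong's types).
type Consumer struct{ ID *string }
type JWTCred struct {
	ConsumerID *string
	Key        string
}

// nestedLoops: every consumer scans every credential (the quadratic shape).
func nestedLoops(cs []Consumer, creds []JWTCred) (map[string][]string, int) {
	out, cmp := map[string][]string{}, 0
	for _, c := range cs {
		for _, cr := range creds {
			cmp++
			if c.ID != nil && cr.ConsumerID != nil && *cr.ConsumerID == *c.ID {
				out[*c.ID] = append(out[*c.ID], cr.Key)
			}
		}
	}
	return out, cmp
}

// indexed: group credentials by consumer ID once, then one lookup per consumer.
func indexed(cs []Consumer, creds []JWTCred) (map[string][]string, int) {
	byID, out, lookups := map[string][]string{}, map[string][]string{}, 0
	for _, cr := range creds {
		if cr.ConsumerID != nil { // ownerless credentials cannot be attached
			byID[*cr.ConsumerID] = append(byID[*cr.ConsumerID], cr.Key)
		}
	}
	for _, c := range cs {
		if c.ID != nil { // nil-ID consumers are skipped before any lookup
			lookups++
			if keys, ok := byID[*c.ID]; ok {
				out[*c.ID] = keys
			}
		}
	}
	return out, lookups
}

func main() {
	id := "c-1" // constructed sample: one owned credential, one ownerless, one nil-ID consumer
	cs, creds := []Consumer{{ID: &id}, {}}, []JWTCred{{&id, "k1"}, {nil, "orphan"}}
	fmt.Println(indexed(cs, creds))
	fmt.Println(nestedLoops(cs, creds))
}
```

Both functions return the same association for consumers with unique IDs; only the amount of work differs, which is the property a regression test for this kind of change should pin down.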

CLAassistant commented Apr 14, 2026

CLA assistant check
All committers have signed the CLA.

@Abhicodeitout
Author

@subicura I need review

codecov Bot commented Apr 28, 2026

Codecov Report

❌ Patch coverage is 97.26027% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 58.6%. Comparing base (e25003e) to head (b4643b5).
⚠️ Report is 3 commits behind head on main.

Files with missing lines | Patch % | Lines
internal/dataplane/configfetcher/kongrawstate.go | 97.2% | 1 Missing and 1 partial ⚠️

❗ There is a different number of reports uploaded between BASE (e25003e) and HEAD (b4643b5).

HEAD has 1 upload less than BASE: BASE (e25003e) has 2 uploads, HEAD (b4643b5) has 1.
Additional details and impacted files
@@           Coverage Diff            @@
##            main   #7889      +/-   ##
========================================
- Coverage   78.5%   58.6%   -19.9%     
========================================
  Files        222     222              
  Lines      20791   20801      +10     
========================================
- Hits       16323   12204    -4119     
- Misses      3433    7890    +4457     
+ Partials    1035     707     -328     


Development

Successfully merging this pull request may close these issues.

JWT Authentication Fails with "401 Invalid Signature"