Description
Per the linked ticket, the Zenodo DOI process was failing, so some tagged version that should have automatic DOIs did not.

This PR adds a new admin/curator-only endpoint that we can use to identify these "missing" DOIs, so that we can generate them. My experiments on some db dumps suggest that about 50% of the versions that should have an automatic DOI do not (because DOI generation failed). So, this endpoint will returns lots of versions.

A DOI is "missing" if the version and parent entry meet the automatic DOI criteria, and the version was created after February 19, 2025 (the day we launched the automatic DOI feature).

The new getVersionsMissingAutomaticDoi endpoint is different from the getVersionsNeedingRetroactiveDoi endpoint. getVersionsMissingAutomaticDoi identifies all versions that should have been assigned a DOI by the webservice, and returns them in most-recent-first order. getVersionsNeedingRetroactiveDoi is intended to be used to distribute retroactive DOIs evenly to all eligible workflows, even old ones.

The new endpoint is backed by a db query, which I originally tried to adapt from one of the queries used by getVersionsNeedingRetroactiveDoi. The resulting query ran forever (longer than my patience for it), so I reordered some parts of the join, improving response time to about 60 seconds. However, this was still too slow, so I came up with a new query that essentially intersects two sets of version IDs: one set that meets the version-related criteria, and another set corresponding to workflows that meet the workflow-related criteria. The resulting query runs in a second or so.

Review Instructions
On staging, hit the getVersionsMissingAutomaticDoi endpoint, and confirm that the first few results correspond to recent tagged versions that should have an automatic DOI, but do not.

Issue
https://ucsc-cgl.atlassian.net/browse/SEAB-7226

Security and Privacy

If there are any concerns that require extra attention from the security team, highlight them here and check the box when complete.

• Security and Privacy assessed

e.g. Does this change...

• Any user data we collect, or data location?
• Access control, authentication or authorization?
• Encryption features?

Please make sure that you've checked the following before submitting your pull request. Thanks!

• Check that you pass the basic style checks and unit tests by running mvn clean install
• Ensure that the PR targets the correct branch. Check the milestone or fix version of the ticket.
• Follow the existing JPA patterns for queries, using named parameters, to avoid SQL injection
• If you are changing dependencies, check the Snyk status check or the dashboard to ensure you are not introducing new high/critical vulnerabilities
• Assume that inputs to the API can be malicious, and sanitize and/or check for Denial of Service type values, e.g., massive sizes
• Do not serve user-uploaded binary images through the Dockstore API
• Ensure that endpoints that only allow privileged access enforce that with the @RolesAllowed annotation
• Do not create cookies, although this may change in the future
• If this PR is for a user-facing feature, create and link a documentation ticket for this feature (usually in the same milestone as the linked issue). Style points if you create a documentation PR directly and link that instead.