Adds 2025.2 to verifyVersions to enable testing and support for
JetBrains 2025.2 EAP builds with 252.* version numbers.

This addresses customer requests for 2025.2 EAP compatibility.

Co-authored-by: blink-so[bot] <211532188+blink-so[bot]@users.noreply.github.com>
Co-authored-by: matifali <[email protected]>

Co-authored-by: GitHub Action <[email protected]>
Co-authored-by: Faur Ioan-Aurel <[email protected]>

…561)

* Set 'jetbrains_connection' as build reason on workspace start

* Fix tests

* impl: support for downloading and verifying cli signatures

* fix: class cast exception

* impl: embed the pgp public key as a plugin resource

This is the key that validates if the gpg signature was tampered

* chore: fix UTs related to CLI downloading

For one thing some method signature changed, some methods are now suspending functions
that will have to run in a coroutine in the tests. The second big issue is that now
the download function requests user's input via a dialog

* fix: download the correct CLI signature for Windows

The signature for windows CLI follows the format: coder-windows-amd64.exe.asc
Currently it is coded to coder-windows-amd64.asc which means the plugin
always fail to find any signature for windows cli

* chore: next version is 2.22.0

* impl: strict URL validation for the connection screen

This commit rejects any URL that is opaque, not hierarchical, not using http or https
protocol, or it misses the hostname.

* impl: strict URL validation for the URI handling

This commit rejects any URL that is opaque, not hierarchical, not using http or https
protocol, or it misses the hostname.

* fix: transform to url only after we checked the validation result

* chore: update UT expected result

* Changelog update - v2.22.0

* chore: empty commit to trigger CI

---------

Co-authored-by: GitHub Action <[email protected]>
Co-authored-by: Faur Ioan-Aurel <[email protected]>

* impl: add new configurable option to disable CLI signature verification

These options are configurable from the Settings page there is no available
shortcut on the main plugin page to discourage the quick disable of CLI verification

* impl: hide configurable fallback if signature verification is disabled

The main plugin screen has a quick shortcut for setting whether the user
wants to fallback on releases.coder.com for signatures if they are not provided by
the main deployment. This checkbox should not be visible if the user wants to disable
signature verification altogether.

* impl: skip signature validation

Signature validation is skipped if the user configured the `disableSignatureVerification` to true.

* chore: update changelog

* chore: next version is 2.22.1

* doc: developer facing documentation for CLI signature verification

* chore: fix UTs

* Changelog update - v2.22.1

* chore: trigger CI

---------

Co-authored-by: GitHub Action <[email protected]>
Co-authored-by: Faur Ioan-Aurel <[email protected]>

* fix: don't create new api keys each time we do workspace polling

The default behavior for `coder login --token <token>` is to:
- use the provided token temporarily to authenticate the login process
- generate a new session token and stores that for future CLI use
- the original token provided is not stored or reused

The Coder `Recent projects` view polls every 5 seconds for workspaces from
multiple Coder deployment. The polling process also involves a call
to the `cli.login`. The cli is later used start workspaces if user clicks on
a project for which the workspace is stopped. Instead of generating a new token
each time we login we can use the `coder login --use-token-as-session --token <token>` which:
- uses the provided token directly as the session token
- stores the original token for future CLI commands
- no new token is generated

* refactor: only login the cli when starting workspaces

The Coder `Recent projects` view polls every 5 seconds for workspaces from
multiple Coder deployment. The polling process also involves a call
to the `cli.login`. The cli is later used to start workspaces if a user clicks on
a project for which the workspace is stopped. The login can be called on demand, only
when a "recent" project is stopped and the user wants to start it. This commit
reduces a lot of overhead associated with spawning cli commands every 5 seconds.

* chore: next version is 2.22.2

Bumps [actions/setup-java](https://github.com/actions/setup-java) from 4 to 5.
- [Release notes](https://github.com/actions/setup-java/releases)
- [Commits](actions/setup-java@v4...v5)

---
updated-dependencies:
- dependency-name: actions/setup-java
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Faur Ioan-Aurel <[email protected]>

Bumps [actions/checkout](https://github.com/actions/checkout) from 4.2.2 to 5.0.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v4.2.2...v5.0.0)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 5.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Faur Ioan-Aurel <[email protected]>