Add API integration to fetch blocked versions at job updates

[kbukum1]

Note: This PR was previously merged as #14917 and reverted due to an incident. This re-introduces the change with fixes applied from review feedback.

What are you trying to accomplish?

Add the API client integration that fetches blocked versions from the API and injects them into the job definition at construction time. Blocked versions are globally managed (not per-job configuration), so they need to be fetched fresh at execution time. This ensures the updater always uses the latest blocked versions list.

This PR also renames the blocked versions payload field from version to version-requirement to align with ignore_conditions conventions and the API contract.

Stacks on #14915 which adds the blocked_versions attribute to the Job class.

Anything you want to highlight for special attention from reviewers?

• The fetch is gated behind the blocked_versions experiment flag — no behavior change without it.
• Graceful degradation on any API or parsing failure — the updater continues without blocked versions.

Checklist

• I have run the complete test suite to ensure all tests and linters pass.
• I have thoroughly tested my code changes to ensure they work as expected, including adding additional tests for new functionality.
• I have written clear and descriptive commit messages.
• I have provided a detailed description of the changes in the pull request, including the problem it addresses, how it fixes the problem, and any relevant details about the implementation.
• I have ensured that the code is well-documented and easy to understand.

[Copilot]

Pull request overview

This PR re-introduces the updater-side integration for fetching globally managed “blocked versions” from the Dependabot API at execution time (gated behind the blocked_versions experiment) and injecting them into the job definition before Dependabot::Job construction. It also updates the blocked versions payload field name from version to version-requirement to align with existing ignore condition conventions and the API contract.

Changes:

• Add ApiClient#fetch_blocked_versions with defensive parsing/error handling and corresponding specs.
• Inject fetched blocked versions into the job definition during UpdateFilesCommand#job construction (experiment-gated) with specs.
• Rename blocked versions entries to use version-requirement across job behavior/tests and dry-run helper output.

Show a summary per file

File	Description
updater/lib/dependabot/update_files_command.rb	Deep-copies job definition and injects API-fetched blocked versions when experiment is enabled.
updater/lib/dependabot/api_client.rb	Adds API client method to fetch blocked versions (instrumented, defensive).
updater/lib/dependabot/service.rb	Delegates fetch_blocked_versions through the service adapter.
updater/lib/dependabot/job.rb	Updates blocked versions handling/logging to use version-requirement.
updater/spec/dependabot/api_client_spec.rb	Adds test coverage for blocked versions API fetch success/failure/format cases.
updater/spec/dependabot/update_files_command_spec.rb	Adds test coverage for experiment-gated fetch + injection behavior.
updater/spec/dependabot/job_spec.rb	Updates blocked versions fixtures/expectations to version-requirement.
bin/dry-run.rb	Updates blocked versions example/output keys to version-requirement.

Copilot's findings

• Files reviewed: 7/8 changed files
• Comments generated: 1

[Copilot]

Copilot's findings

• Files reviewed: 7/8 changed files
• Comments generated: 1

[Copilot]

Copilot's findings

• Files reviewed: 7/8 changed files
• Comments generated: 1

[Copilot]

Copilot's findings

• Files reviewed: 7/8 changed files
• Comments generated: 1

[Copilot]

Copilot's findings

• Files reviewed: 7/8 changed files
• Comments generated: 0 new