Disambiguate FMAs sharing macOS bundle IDs#47951

Draft
allenhouchins wants to merge 2 commits into main from allenhouchins-fix-firefox

@allenhouchins

Member

Fix handling of Fleet-maintained apps that share a macOS bundle identifier (e.g. Firefox and Firefox ESR). Removed the blind rename from UpsertMaintainedApp and added ReconcileMaintainedAppSoftwareNames: a two-pass, idempotent reconciliation that (1) renames titles tied to a single FMA via installer links and (2) heuristically renames by bundle identifier only when the identifier maps to exactly one FMA name. Updated team join logic to prefer matching by installer link and fall back to bundle identifier, changed GetFMANamesByIdentifier to omit ambiguous identifiers, added a call to reconcile during the maintained-apps sync, and extended the datastore interface and mock accordingly. Added tests and a manifest check for known shared identifiers, plus a changelog entry.

Related issue: Resolves #

Checklist for submitter

If some of the following don't apply, delete the relevant line.

  • Changes file added for user-visible changes in changes/, orbit/changes/ or ee/fleetd-chrome/changes.
    See Changes files for more information.

  • Input data is properly validated, SELECT * is avoided, SQL injection is prevented (using placeholders for values in statements), JS inline code is prevented especially for url redirects, and untrusted data interpolated into shell scripts/commands is validated against shell metacharacters.

  • Timeouts are implemented and retries are limited to avoid infinite loops

  • If paths of existing endpoints are modified without backwards compatibility, checked the frontend/CLI for any necessary changes

Testing

For unreleased bug fixes in a release candidate, one of:

  • Confirmed that the fix is not expected to adversely impact load test results
  • Alerted the release DRI if additional load testing is needed

Database migrations

  • Checked schema for all modified table for columns that will auto-update timestamps during migration.
  • Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects.
  • Ensured the correct collation is explicitly set for character columns (COLLATE utf8mb4_unicode_ci).

New Fleet configuration settings

  • Setting(s) is/are explicitly excluded from GitOps

If you didn't check the box above, follow this checklist for GitOps-enabled settings:

  • Verified that the setting is exported via fleetctl generate-gitops
  • Verified the setting is documented in a separate PR to the GitOps documentation
  • Verified that the setting is cleared on the server if it is not supplied in a YAML file (or that it is documented as being optional)
  • Verified that any relevant UI is disabled when GitOps mode is enabled

fleetd/orbit/Fleet Desktop

  • Verified compatibility with the latest released version of Fleet (see Must rule)
  • If the change applies to only one platform, confirmed that runtime.GOOS is used as needed to isolate changes
  • Verified that fleetd runs on macOS, Linux and Windows
  • Verified auto-update works from the released version of component to the new version (see tools/tuf/test)

Fix handling of Fleet-maintained apps that share a macOS bundle identifier (e.g. Firefox and Firefox ESR). Removed the blind rename from UpsertMaintainedApp and added ReconcileMaintainedAppSoftwareNames: a two-pass, idempotent reconciliation that (1) renames titles tied to a single FMA via installer links and (2) heuristically renames by bundle identifier only when the identifier maps to exactly one FMA name. Updated team join logic to prefer matching by installer link and fall back to bundle identifier, changed GetFMANamesByIdentifier to omit ambiguous identifiers, added a call to reconcile during the maintained-apps sync, and extended the datastore interface and mock accordingly. Added tests and a manifest check for known shared identifiers, plus a changelog entry.
@codecov

codecov Bot commented Jun 19, 2026

Codecov Report

❌ Patch coverage is 92.15686% with 4 lines in your changes missing coverage. Please review.
✅ Project coverage is 67.31%. Comparing base (0fc1cb7) to head (6bb9133).
⚠️ Report is 43 commits behind head on main.

Files with missing lines | Patch % | Lines
server/datastore/mysql/maintained_apps.go | 95.91% | 1 Missing and 1 partial ⚠️
server/mdm/maintainedapps/sync.go | 0.00% | 1 Missing and 1 partial ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main   #47951      +/-   ##
==========================================
- Coverage   67.31%   67.31%   -0.01%     
==========================================
  Files        3655     3655              
  Lines      231251   231271      +20     
  Branches    12075    12075              
==========================================
+ Hits       155667   155680      +13     
- Misses      61620    61624       +4     
- Partials    13964    13967       +3     
Flag | Coverage Δ
backend | 68.94% <92.15%> (-0.01%) ⬇️

@allenhouchins

Member Author
Screenshot 2026-06-19 at 3 15 29 PM

@allenhouchins

allenhouchins commented Jun 19, 2026

Member Author

Still prevented from adding both Firefox and Firefox ESR to the same fleet because of the shared bundle identifier, but that is currently the expected behavior. Worth noting, the error message is slightly misleading.
Screenshot 2026-06-19 at 3 39 41 PM

Shorten and clarify documentation and comments around maintained-apps reconciliation and related datastore APIs. Streamlines explanations about two-pass renaming (installer link then unambiguous bundle identifier), clarifies ambiguity around shared macOS bundle identifiers (e.g. Firefox/ESR), and tightens wording across: server/datastore/mysql/maintained_apps.go, server/datastore/mysql/maintained_apps_test.go, server/fleet/datastore.go, server/mdm/maintainedapps/apps_list_test.go, and server/mdm/maintainedapps/sync.go. Also removes an unused commented line in an upsert transaction and makes test comments more concise; behavior and logic are unchanged.
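
The reconciliation rules this pull request describes (installer link first, then bundle identifier only when it maps to one catalogue name), modelled in memory as an added example; it is not code from the pull request or from Fleet. The `FMA` and `Title` types, `Reconcile`, and the choice that titles with installer links are never renamed by identifier are assumptions made here, and the data in `main` is constructed.

```go
package main

import "fmt"

// FMA and Title are hypothetical stand-ins for this example, not Fleet's schema.
type FMA struct {
	ID             int
	Name, BundleID string
}

type Title struct {
	Name, BundleID string
	LinkedFMAs     []int // catalogue IDs reached through the title's installers
}

// Reconcile renames titles in place and returns how many names changed.
func Reconcile(fmas []FMA, titles []Title) (renamed int) {
	nameByID, byBundle := map[int]string{}, map[string]map[string]bool{}
	for _, f := range fmas {
		nameByID[f.ID] = f.Name
		if byBundle[f.BundleID] == nil {
			byBundle[f.BundleID] = map[string]bool{}
		}
		byBundle[f.BundleID][f.Name] = true
	}
	for i := range titles {
		t, names := &titles[i], map[string]bool{}
		for _, id := range t.LinkedFMAs { // rule 1: names reached via installer links
			names[nameByID[id]] = true
		}
		if len(t.LinkedFMAs) == 0 { // rule 2 (assumed for unlinked titles only): bundle identifier
			names = byBundle[t.BundleID]
		}
		for want := range names {
			// Rename only when exactly one candidate exists; several means "do not guess".
			if len(names) == 1 && want != "" && t.Name != want {
				t.Name, renamed = want, renamed+1
			}
		}
	}
	return renamed
}

func main() {
	// Constructed sample data: two catalogue apps share one bundle identifier.
	fmas := []FMA{{1, "Firefox", "org.mozilla.firefox"}, {2, "Firefox ESR", "org.mozilla.firefox"}}
	titles := []Title{{"Firefox.app", "org.mozilla.firefox", []int{2}}, {"Firefox.app", "org.mozilla.firefox", nil}}
	fmt.Println(Reconcile(fmas, titles), titles)
}
```

The linked title becomes "Firefox ESR" while the unlinked one keeps its name, and a second call changes nothing.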