@darinpope
Contributor

Changes Made

  • CSP compliance fix: Replaced inline onclick event handlers with CSP-compliant data attributes and external JavaScript handler
  • Added JavaScript handler: Created /src/main/webapp/js/badge-click-handler.js to handle badge clicks using event delegation and data attributes
  • Updated Jelly templates: Added JavaScript resource loading to JobBadgeAction and RunBadgeAction index pages
  • Comprehensive test coverage: Added 6 new test methods covering CSP compliance scenarios, invalid URLs, and HTML escaping

Technical Details

CSP compliance:

  • Removed onclick="window.open(...)" inline handlers
  • Added class="jenkins-badge-clickable" and data-jenkins-link-url="..." attributes
  • External JavaScript uses closest() for efficient event delegation
  • Maintains security by validating HTTP/HTTPS protocols

Test Coverage

All existing tests pass, plus new tests verify:

  • CSP-compliant attributes are added for valid links
  • No CSP attributes for invalid/missing links
  • Proper HTML escaping in data attributes
  • No inline event handlers in any scenario

🤖 Generated with https://claude.ai/code

Testing done

  • mvn clean verify
  • manual interactive testing

Submitter checklist

  • Make sure you are opening from a topic/feature/bugfix branch (right side) and not your main branch!
  • Ensure that the pull request title represents the desired changelog entry
  • Please describe what you did
  • Link to relevant issues in GitHub or Jira
  • Link to relevant pull requests, esp. upstream and downstream changes
  • Ensure you have provided tests that demonstrate the feature works or the issue is fixed

@darinpope darinpope requested a review from a team as a code owner August 11, 2025 21:10
@github-actions github-actions bot added the tests Automated test addition or improvement label Aug 11, 2025
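
The pattern this pull request describes (a data attribute on the badge plus one delegated click listener that only opens http/https links), sketched as an added example. It is not the plugin's badge-click-handler.js: the function names, the absolute-URL-only rule, the `noopener,noreferrer` window features and the fake element are assumptions; only the class and attribute names come from the description above.

```javascript
// Added example; NOT the plugin's badge-click-handler.js.
// Class and attribute names are the ones quoted in the PR description.
const CLICKABLE = '.jenkins-badge-clickable';
const URL_ATTR = 'data-jenkins-link-url';

// Parse with the URL API rather than a prefix match, so mixed-case and
// padded schemes are normalized before the allow-list comparison.
// Assumption: only absolute URLs are accepted; relative values are dropped.
function safeHttpUrl(raw) {
  if (typeof raw !== 'string' || raw.trim() === '') return null;
  let url;
  try {
    url = new URL(raw.trim());
  } catch (err) {
    return null; // not an absolute URL
  }
  return url.protocol === 'http:' || url.protocol === 'https:' ? url.href : null;
}

// One listener on the document serves every badge: closest() walks up from
// the clicked node (for example an icon inside the badge) to the badge itself.
// `open` is injected so the handler can be exercised without a browser.
function handleBadgeClick(event, open) {
  const node = event.target;
  const badge = node && typeof node.closest === 'function' ? node.closest(CLICKABLE) : null;
  if (!badge) return null; // click landed outside any clickable badge
  const url = safeHttpUrl(badge.getAttribute(URL_ATTR));
  if (!url) return null; // missing or non-http(s) link: do nothing
  open(url, '_blank', 'noopener,noreferrer');
  return url;
}

// Constructed stand-in for a badge's child element, for running under Node.
function fakeBadgeChild(linkUrl) {
  const badge = { getAttribute: (name) => (name === URL_ATTR ? linkUrl : null) };
  return { closest: (sel) => (sel === CLICKABLE ? badge : null) };
}

// In a page served under a script-src policy without 'unsafe-inline', this
// file is loaded via <script src>, and no onclick attribute is needed.
if (typeof document !== 'undefined') {
  document.addEventListener('click', (e) => handleBadgeClick(e, (...a) => window.open(...a)));
}
```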