test(sbom-monitor): add Dragonfly user journey acceptance test

[jacek-rzrz]

Adds a real-server acceptance test for the SBOM monitor Dragonfly flow (INTERNAL_SNYK_CLI_ROLLOUT_DFLY_SBOM_MONITOR), following the same pattern as the existing sbom test reachability user journey test — no fake server, runs against the real Snyk API using process.env credentials.

Also renames all-projects.spec.ts → beta-all-projects.spec.ts to distinguish the mocked-server beta tests from this new user journey suite.

Relates to OSF-422.

[snyk-io]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues
✅	Licenses	0	0	0	0	0 issues
✅	Code Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[snyk-pr-review-bot]

PR Reviewer Guide 🔍

🧪 PR contains tests

🔒 No security concerns identified

⚡ Recommended focus areas for review Missing Flag Validation 🟡 [minor] The test invokes sbom test with --report and --asset-name. According to help/cli-commands/sbom-test.md, these flags are not documented as supported for the sbom test command. While they might be enabled by the INTERNAL_SNYK_CLI_ROLLOUT_DFLY_SBOM_MONITOR flag, using undocumented flags in a 'user journey' test may lead to brittle tests if the final CLI interface differs from this experimental implementation. `sbom test --report --experimental --file=${SBOM_FILE_PATH} --asset-name=${ASSET_NAME}`,

📚 Repository Context Analyzed This review considered 16 relevant code sections from 9 files (average relevance: 0.97) package.json (lines 1-229) package-lock.json (7 segments, lines 6-266) scripts/upgrade-snyk-go-dependencies.go (lines 1-149) CONTRIBUTING.md (lines 1-231) help/cli-commands/sbom-monitor.md (lines 1-90) help/cli-commands/sbom-test.md (lines 1-71) help/cli-commands/code-test.md (lines 1-125) ... and 2 more file(s)

🤖 Repository instructions applied (from AGENTS.md)