risk acceptance expiration: keep link with findings

[valentijnscholten]

Partially reverts #11401 to not remove findings from a Risk Acceptance when it expires.

The change to process_resolution_from_jira is just a code readability improvement.

The change to view_eng.html makes the number of findings cell in the Risk Acceptance table clickable.

The main reason for #11401 in january was to make sure expired risk acceptances were getting reflected in JIRA, so this PR adds some calls for that.

The PR also triggers a JIRA sync after a simple risk accept.

The PR also makes some changes to move the save() call out of the jira helper class.

[sc-11552]

[dryrunsecurity]

This pull request introduces a potential security vulnerability in the Jira integration where an attacker could potentially bypass risk acceptance workflows by manipulating Jira resolution names or compromising the integration, though the risk is currently considered non-blocking.

Risk Acceptance Bypass in dojo/jira_link/helper.py

Vulnerability	Risk Acceptance Bypass
Description	The code changes in the Jira integration allow marking a finding as risk-accepted based on external Jira resolution names. If an attacker can manipulate the resolution name or compromise the Jira integration, they could potentially bypass internal risk acceptance workflows.

django-DefectDojo/dojo/jira_link/helper.py

Lines 1770 to 1783 in 8dc2f4a

	jira_instance = get_jira_instance(finding)
	if resolved:
	if (
	jira_instance
	and resolution_name in jira_instance.accepted_resolutions
	and (
	finding.test.engagement.product.enable_simple_risk_acceptance
	or finding.test.engagement.enable_full_risk_acceptance
	)
	):
	if not finding.risk_accepted:
	logger.debug(f"Marking related finding of {jira_issue.jira_key} as accepted.")
	finding.risk_accepted = True

---

All finding details can be found in the DryRun Security Dashboard.