fix: update OCI integration instructions to create custom privilege user and create event rules per instance #4433

Open
felixgateru wants to merge 3 commits into superplanehq:main from felixgateru:refactor/update-oci-integration

@felixgateru
Collaborator

Implements: #4428, #4429

What changed:

The OCI integration's Events rule lifecycle has been redesigned from one rule per trigger to one shared rule per integration+compartment.
The integration setup instructions have also been updated to prompt the user to create a custom user with specified permissions for use in authentication.

Why:

The previous design created a new OCI Events rule every time a trigger was added to a workflow. This caused OCI's per-compartment rule limit to be hit quickly, left orphaned rules behind when triggers were deleted, and duplicated identical rules that all forwarded the same event type to the same ONS topic.
The previous design also had the user use their administrator user API Key credentials, which granted SuperPlane administrator capabilities, which does not follow best design practices.

How:

Backend:

  • Added CompartmentRules map[string]string to IntegrationMetadata in oci.go. This map stores compartmentID → ruleID and is persisted on the integration record, making rule creation idempotent across all trigger setups for the same integration.
  • Updated OCI.Cleanup to iterate CompartmentRules and delete all shared Events rules before deleting the ONS topic. The integration is now the single owner and lifecycle manager of all Events rules.
  • Replaced the per-trigger ensureEventsRule + cleanupOldRule helpers in on_compute_instance_created.go with a single ensureSharedEventsRule function. It checks integrationMetadata.CompartmentRules[compartmentID] first and returns immediately if a rule already exists; otherwise it creates one and writes the ID back via ctx.Integration.SetMetadata.
  • Updated integration instructions to guide the user through creating a custom group and a custom user and assigning the user to the group. The instructions include creating a custom policy for the group to provide the minimum permissions required for SuperPlane components.

Frontend:

No frontend changes. The trigger configuration UI and mapper are unaffected.

Notes

New integration instructions:
[two images]
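
The shared-rule lifecycle from the description above, as an added Go example that is not code from this pull request. `EventsAPI`, `fakeEvents`, `EnsureSharedRule`, `CleanupRules` and the compartment ID are hypothetical; only the compartmentID → ruleID map comes from the description.

```go
package main

import "fmt"

// EventsAPI is a hypothetical stand-in for the OCI Events calls the integration makes.
type EventsAPI interface {
	CreateRule(compartmentID string) (string, error)
	DeleteRule(ruleID string) error
}

// fakeEvents is a constructed in-memory backend that counts create and delete calls.
type fakeEvents struct{ created, deleted int }

func (f *fakeEvents) CreateRule(c string) (string, error) {
	f.created++
	return fmt.Sprintf("rule-%d-%s", f.created, c), nil
}
func (f *fakeEvents) DeleteRule(string) error { f.deleted++; return nil }

// EnsureSharedRule reuses the rule recorded for a compartment or creates and records one.
func EnsureSharedRule(api EventsAPI, rules map[string]string, compartmentID string) (string, error) {
	if id := rules[compartmentID]; id != "" {
		return id, nil
	}
	id, err := api.CreateRule(compartmentID)
	if err != nil {
		return "", fmt.Errorf("create rule in %s: %w", compartmentID, err)
	}
	rules[compartmentID] = id // the caller persists this map with the integration
	return id, nil
}

// CleanupRules deletes every recorded rule; a failed entry stays recorded for retry.
func CleanupRules(api EventsAPI, rules map[string]string) error {
	for compartmentID, ruleID := range rules {
		if err := api.DeleteRule(ruleID); err != nil {
			return fmt.Errorf("delete %s: %w", ruleID, err)
		}
		delete(rules, compartmentID)
	}
	return nil
}

func main() {
	api, rules := &fakeEvents{}, map[string]string{}
	a, _ := EnsureSharedRule(api, rules, "compartment-a") // constructed ID
	b, _ := EnsureSharedRule(api, rules, "compartment-a") // second trigger, same compartment
	err := CleanupRules(api, rules)
	fmt.Println(a == b, api.created, err, api.deleted)
}
```
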

@superplanehq-integration

👋 Commands for maintainers:

  • /sp start - Start an ephemeral machine (takes ~30s)
  • /sp stop - Stop a running machine (auto-executed on pr close)

@felixgateru felixgateru changed the title fix: Update OCI integration instructions to create custom privilege user and create event rules per instance fix: update OCI integration instructions to create custom privilege user and create event rules per instance Apr 28, 2026
@felixgateru felixgateru force-pushed the refactor/update-oci-integration branch from 11d7695 to af0907e Compare April 29, 2026 07:13
@felixgateru felixgateru marked this pull request as ready for review April 29, 2026 07:25
Contributor

@cursor cursor Bot left a comment

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Reviewed by Cursor Bugbot for commit af0907e.

Comment thread pkg/integrations/oci/oci.go
Signed-off-by: Felix Gateru <felix.gateru@gmail.com>