feat(enable-banking): enhance transaction import, metadata handling, and UI (#1406)

* feat(enable-banking): enhance transaction import, metadata handling, and UI

* fix(enable-banking): address security, sync edge cases and PR feedback

* fix(enable-banking): resolve silent failures, auth overrides, and sync logic bugs

* fix(enable-banking): resolve sync logic bugs, trailing whitespaces, and apply safe_psu_headers

* test(enable-banking): mock set_current_balance to return success result

* fix(budget): properly filter pending transactions and classify synced loan payments

* style: fix trailing whitespace detected by rubocop

* refactor: address code review feedback for Enable Banking sync and reporting

---------

Signed-off-by: Louis <contact@boul2gom.com>
Signed-off-by: Juan José Mata <juanjo.mata@gmail.com>
Co-authored-by: Juan José Mata <juanjo.mata@gmail.com>

app/models/enable_banking_item/provided.rb

@@ -9,4 +9,22 @@ module EnableBankingItem::Provided
       client_certificate: client_certificate
     )
   end
+
+  # Build PSU context headers for data endpoint calls.
+  # The Enable Banking API spec mandates: "either all required PSU headers or none".
+  # We can only provide Psu-Ip-Address (from last_psu_ip stored at request time).
+  # If the ASPSP requires other PSU headers we cannot satisfy server-side, we send none
+  # to avoid a PSU_HEADER_NOT_PROVIDED error for partially-supplied headers.
+  def build_psu_headers
+    return {} if aspsp_required_psu_headers.blank?
+
+    required = aspsp_required_psu_headers.map(&:downcase)
+
+    # Only attempt to satisfy the headers if the only required one is Psu-Ip-Address
+    # (the one we can populate from stored data)
+    satisfiable = required.all? { |h| h == "psu-ip-address" }
+    return {} unless satisfiable && last_psu_ip.present?
+
+    { "Psu-Ip-Address" => last_psu_ip }
+  end
 end