Optimize list_groups_info query: replace OR join predicate with LATERAL JOIN + UNION

[Copilot]

📝 New contributors

• I have read, understand, and agree to the Contributor Agreement. By checking this box, I confirm I have the right to contribute this work and I grant Defguard sp. z o.o. the necessary rights to use my contribution as outlined in the full agreement.: https://tnt.sh/s/defguard-contribution-agreement

📖 Description

The list_groups_info query joined wireguard_network with an OR predicate (wn.allow_all_groups OR wn.id = wnag.network_id), causing every allow_all_groups network to match against every row in wireguard_network_allowed_group — a result-set explosion proportional to O(groups × allow_all_groups_networks).

Fix: Replace the OR join with a LEFT JOIN LATERAL over a UNION subquery that resolves each branch independently:

-- Before
LEFT JOIN "wireguard_network_allowed_group" wnag ON wnag.group_id = g.id
LEFT JOIN "wireguard_network" wn ON wn.allow_all_groups OR wn.id = wnag.network_id

-- After
LEFT JOIN LATERAL (
    SELECT wn_inner.name FROM "wireguard_network" wn_inner
    JOIN "wireguard_network_allowed_group" wnag
        ON wnag.network_id = wn_inner.id AND wnag.group_id = g.id
    UNION
    SELECT wn_all.name FROM "wireguard_network" wn_all
    WHERE wn_all.allow_all_groups
) wn ON true

• Each branch can be resolved via an index scan independently
• The lateral is evaluated once per group row, eliminating the cross-product
• UNION deduplicates networks that appear in both branches
• Updated sqlx offline query cache (.sqlx/) to match the new query

🛠️ Dev Branch Merge Checklist:

Documentation

• If testing requires changes in the environment or deployment, please update the documentation (https://docs.defguard.net/) first and attach the link to the documentation section in this pool request
• I have commented on my code, particularly in hard-to-understand areas

Testing

• I have prepared end-to-end tests for all new functionalities
• I have performed end-to-end tests manually and they work
• New and existing unit tests pass locally with my changes

Deployment

• If deployment is affected I have made corresponding/required changes to deployment (Docker, Kubernetes, one-line install)

🏚️ Main Branch Merge Checklist:

Testing

• I have merged my changes before to dev and the dev checklist is done
• I have tested all functionalities on the dev instance and they work

Documentation

• I have made corresponding changes to the user & admin documentation and added new features documentation with screenshots for users/admins

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[Copilot]

Just as a heads up, I was blocked by some firewall rules while working on your feedback. Expand below for details.