fix: onboard flow fixes

[tkotthakota-adobe]

https://jira.corp.adobe.com/browse/SITES-43237
https://jira.corp.adobe.com/browse/SITES-41916

spacecat-shared-utils

resolveCanonicalUrl crashed the Lambda silently on sites with Brotli-compressed responses (e.g.,
otempo.com.br). The function only needs the final URL and status code but @adobe/fetch was
auto-decompressing the body. The abandoned stream caused an unhandled Z_BUF_ERROR that killed the
process with no error message.

• Added decode: false to skip unnecessary body decompression — fixes the crash
• Added 7s total deadline across all recursive calls (HEAD → GET, redirects)
• Changed detectBotBlocker from HEAD to GET so HTML body is available for challenge page detection
  (Cloudflare, Imperva, CAPTCHA)
• Added 3s body-read timeout in detectBotBlocker to handle slow-streaming servers

spacecat-shared-data-access

Site-level handler overrides were ignored — org-level disable always won, so upgrading a site from
free-trial to paid couldn't re-enable audits. Also, enabling a handler could crash with a TypeError if
the disabled.sites array didn't exist.

• isHandlerEnabledForSite now checks site-level before org-level — site enable overrides org disable
• #updatedHandler cleans up both enabled/disabled lists to keep them consistent
• Safe array access with || [] fallback to prevent TypeError on missing keys

[github-actions]

This PR will trigger a patch release when merged.