[CHAIN] feat(ui): expand attack paths node legend coverage

[Alan-TheGentleman]

🔗 Part of Chained PRs

Field	Value
Feature Branch	PROWLER-1273/react-flow-migration
Main PR	#10686
Chain Position	9 of 11
Depends on	#11015 (graph exploration + legend)

Chain Overview

#10701 → #10705 → #10756 → #10800 → #10970 → #11010 → #11013 → #11014 → #11015 → 📍 #11016 → #11017 → #11020 → #10686

---

Context

This closes the icon/legend coverage gap for real Attack Paths node labels. The previous legend was too category-oriented; reviewers need the legend to explain the concrete node types visible in the graph, using the same colors as the nodes themselves.

---

Description

Changes:

• Expand resolveNodeVisual() coverage for AWS labels used by predefined Attack Paths queries, including RDS, Lambda, SageMaker notebooks, load balancers, listeners, network interfaces, IP nodes, groups, principals, and tags.
• Make the legend dynamic from the currently visible graph state.
• List concrete node types such as AWS User, AWS Managed Policy, AWS Policy Statement, and Permission Role instead of generic categories like Identity.
• Use the same label-based node colors in the legend as the actual graph nodes.
• Pass expanded-resource and filtered-view state into the legend so hidden findings do not appear until visible.
• Add focused unit tests for concrete node type legend behavior and expanded AWS node visual coverage.

---

Steps to review

1. Run a query with identity/policy nodes and confirm the legend lists concrete visible types.
2. Confirm legend node badges match actual graph node colors.
3. Confirm hidden findings do not appear in the legend until Show findings reveals them.
4. Run pnpm exec vitest run --project unit "app/(prowler)/attack-paths/(workflow)/query-builder/_components/graph/graph-legend.test.tsx" "app/(prowler)/attack-paths/(workflow)/query-builder/_lib/node-visuals.test.ts" from ui/.

---

Checklist

Community Checklist

• This feature/issue is listed in here or roadmap.prowler.com
• Is it assigned to me, if not, request it via the issue/feature in here or Prowler Community Slack

• Review if the code is being covered by tests.
• Review if code is being documented following this specification https://github.com/google/styleguide/blob/gh-pages/pyguide.md#38-comments-and-docstrings
• Review if backport is needed.
• Review if is needed to change the Readme.md
• Ensure new entries are added to CHANGELOG.md, if applicable.

UI

• All issue/task requirements work as expected on the UI
• Screenshots/Video of the functionality flow (if applicable) - Mobile (X < 640px)
• Screenshots/Video of the functionality flow (if applicable) - Table (640px > X < 1024px)
• Screenshots/Video of the functionality flow (if applicable) - Desktop (X > 1024px)
• Ensure new entries are added to CHANGELOG.md, if applicable.

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

[pfe-nazaries]

When no prop passed, this will create a new Set each render with a different ref, trigger unnecessary renders