Adapt sync-cli to support synthetics PLs replication for DDR

[melkouri]

What does this PR do?

1. Adds DDR (Disaster Recovery) support to the synthetics_private_locations resource, enabling PL replication from a source org (R1) to a destination org (R2).

Related PRs:

• Add PL metadata related to DDR
• Support PL DDR metadata in PL endpoints
• Support PL DDR metadata in PL endpoints

2. Fixes the reset command to delete only the managed resources with the dd-sync-cli and not deleted already existing resources in R2.

Description of the Change

New CLI option: --datadog-host-override

• Added to constants.py (DD_DATADOG_HOST_OVERRIDE env var), options.py (CLI flag), and configuration.py (threaded to Configuration dataclass)
• Optional CNAME override passed to the DDR create endpoint for DNS failover

Updated synthetics_private_locations.py:

1. excluded_attributes, added ddr_metadata so DDR metadata on the destination is not diffed against the source

2. create_resource()
   During sync, when a source PL needs to be created at the destination:

• Fetches source PL metadata via GET /api/v1/synthetics/private-locations/{id}?include_pl_info=true to obtain pl_id, org_id, datacenter, public_key_test, and public_key_result
• Strips null metadata from the request body (DDR endpoint rejects it)
• Injects ddr_metadata with the source PL mapping (source_pl_id, source_name, source_dc, source_org_id)
• Sets test_encryption_public_key as the JSON-stringified public_key_test object
• Sets result_encryption_public_key as {"pem": ..., "fingerprint": ...} mapped from the source's public_key_result
• Optionally includes datadog_host_override
• Parses the DDR response format (resp["private_location"] instead of the normal create response which includes config and result_encryption at the top level)

5. _save_pl_config() new helper that saves each created PL's config to {destination_resources_path}/synthetics_private_locations_config/{sanitized_pl_name}.json containing publicKeysByMainDC (and datadogHostOverride if specified). This config is needed later to run the PL worker in R2.

Design decision: The pl_info fields are fetched on-demand in create_resource() from the source API rather than stored in state files. This keeps state files clean (consistent with other resources) and avoids stale data since the fields are only needed at create time.

Verification Process

Tested end-to-end on staging (app.datad0g.com) between two orgs:

1. Created a PL in source org (R1)
2. Ran import: confirmed source state saved correctly (3 PLs imported, 0 failures)
3. Ran sync: confirmed all 3 PLs created successfully in destination org (R2) via DDR endpoint (0 failures)
4. Verified PL config files written to synthetics_private_locations_config/
5. Ran reset: confirmed all Synced destination PLs deleted successfully

Release Notes

Added DDR (Disaster Recovery) support for synthetics_private_locations resource. New --datadog-host-override CLI option for optional CNAME override during PL replication.