When rules expire and are disabled by ExpiredRulesCleanupJob, the system
was unable to re-enable them due to unique index constraints. This caused
geo-based blocking to stop working in production.
Implemented find-or-update-or-create pattern in WafPolicy#create_rule_for_network_range:
- Re-enables disabled rules and sets new expiration (7 days)
- Extends expiration for enabled rules
- Creates new rules with 7-day TTL
- Handles race conditions gracefully
Added test coverage for all three scenarios.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
