Add Shield silentCAPTCHA integration

[paulgoodchild]

• Have you followed the Everest Forms Contributing guideline?
• Does your code follow the WordPress' coding standards?
• Have you checked to ensure there aren't other open Pull Requests for the same update/change?

Changes proposed in this Pull Request:

This commit introduces Shield silentCAPTCHA integration for Everest Forms, adds global diagnostics for Shield threshold=0 configuration, and includes a minimal core admin-assets fix for the evf-upgrade JS data contract.

Implementation

• Register ShieldSilentCaptcha addon in addons/Addons.php.
• Add addon implementation in addons/ShieldSilentCaptcha/ShieldSilentCaptcha.php:
  • Adds Shield provider row to CAPTCHA Integration settings.
  • Adds per-form Shield toggle in builder security settings.
  • Adds form processing gate via everest_forms_process_initial_errors.
  • Uses Shield bot verdict callable priority:
    • \FernleafSystems\Wordpress\Plugin\Shield\Functions\test_ip_is_bot
    • shield_test_ip_is_bot
  • Uses Shield threshold callable priority:
    • \FernleafSystems\Wordpress\Plugin\Shield\Functions\get_silentcaptcha_bot_threshold
    • shield_get_silentcaptcha_bot_threshold
  • Preserves fail-open behavior for callable absence/throwable/non-strict verdicts.
  • Adds threshold-zero global settings notice:
    • "Shield is active and running, but your Shield silentcaptcha bot threshold is set to zero."
  • Evaluates threshold only after Shield availability is confirmed.
  • Evaluates threshold only when callable exists; throwable/non-numeric results fail open.
  • Caches threshold-zero evaluation result per request lifecycle.
  • Reuses a shared helper for notice + Learn More link markup.
• Add Shield icon asset at assets/images/captcha/shield-security-logo.png.

Core bug fix

• Update includes/admin/class-evf-admin-assets.php to localize evf_data directly to the evf-upgrade handle.
• Add inline code comments documenting the bug and rationale.
• Fixes the evf_data-is-undefined path for evf-upgrade in affected admin contexts.

How to test the changes in this Pull Request:

Tests

• Add tests/phpunit/includes/class-shield-silent-captcha-test.php with coverage for:
  • verdict normalization and callable ordering.
  • fail-open behavior for missing/throwing callables.
  • closed-gate and existing-error short-circuit behavior.
  • strict-true block header behavior and AMP bypass.
  • global toggle and builder selector contracts.
  • threshold path behavior:
    • threshold callable missing => standard available branch.
    • threshold callable throws => standard available branch.
    • threshold 0 => threshold-warning branch.
    • threshold non-zero => standard available branch.
    • Shield unavailable => threshold check short-circuited.
    • threshold lookup cache => single threshold callable invocation across repeated calls.
  • behavior-focused assertions using branch instrumentation/call counts (no fragile string-content assertions for threshold message copy).
• Add tests/phpunit/includes/class-shield-silent-captcha-flow-test.php with flow coverage for:
  • reCAPTCHA failure short-circuit before Shield initial-errors stage.
  • reCAPTCHA success path reaching initial-errors stage where Shield can apply.

Types of changes:

• New feature (non-breaking change which adds functionality)

Other information:

• Have you added an explanation of what your changes do and why you'd like us to include them?
• Have you successfully ran tests with your changes locally?
• Have you updated the documentation accordingly?

Changelog entry

Added support for Shield Security's silentCAPTCHA Bot SPAM protection features alongside Google reCAPTCHA & CloudFlare Turnstile.