feat(safety): GNSS redundancy failsafe (#26863)

* feat(gpsRedundancyCheck): add GPS redundancy failsafe with divergence check

- Monitors GPS count and triggers configurable failsafe (COM_GPS_LOSS_ACT) when count drops below SYS_HAS_NUM_GPS
- Tracks online (present+fresh) and fixed (3D fix) receivers separately; emits "receiver offline" vs "receiver lost fix"
- Detects position divergence between two receivers against combined RMS eph uncertainty plus lever-arm separation
- Pre-arm warns immediately; in-flight requires 2s sustained divergence to suppress multipath false alarms
- Adds GpsRedundancyCheckTest functional test suite

New parameters: SYS_HAS_NUM_GPS, COM_GPS_LOSS_ACT

* feat(sensor_gps_sim): publish second GPS instance using SENS_GPS1 lever arm params

When SENS_GPS1_OFFX or SENS_GPS1_OFFY is non-zero, publish a second sensor_gps instance offset by those values from the vehicle position.

fix(sensor_gps_sim): give second instance distinct device_id

Both simulated GPS instances previously shared the same device_id (address 0x00). This prevented testing the device-ID matching path in SITL since both slots would match the same receiver.

* refactor(gpsRedundancyCheck): address code review feedback

* refactor(gpsRedundancyCheck): address code review feedback

* docs: add GNSS check failsafe documentation

Update safety.md and releases/main.md to document the new GNSS check
failsafe (SYS_HAS_NUM_GNSS, COM_GPS_LOSS_ACT) introduced in PX4.

* docs(update): Subedit to taste

* refactor(gps): move GNSS redundancy detection into sensors module

Add GnssRedundancyStatus topic and GnssRedundancyMonitor in
vehicle_gps_position. Commander's gpsRedundancyCheck becomes a thin
consumer of the new topic. Detection lives with blending/fallback in
one module.

Also rename COM_GPS_LOSS_ACT -> COM_GNSS_LSS_ACT.

* docs(safety): clarify GNSS failsafe wording and rename COM_GNSS_LSS_ACT

* refactor(failsafe): consistent default case as fallback for existing option

* Rename COM_GNSS_LSS_ACT -> COM_GNSSLOSS_ACT

for readability

* fix(gnssRedundancyCheck): move logic back into the commander checks and various improvement suggestions

- Rename to GNSS instead of gps
- Use hysteresis
- Small logic refactorings
- Adapt unit tests to different interface
- User reporting on which GPS is offline or doesn't have a fix

* docs(gnssRedundancyCheck): simplify explanations

* refactor(gnssRedundancyCheck): update year numbers in copyright

---------

Co-authored-by: Hamish Willee <hamishwillee@gmail.com>
Co-authored-by: Matthias Grob <maetugr@gmail.com>
Gennaro Guidone
2026-05-11 18:02:55 +02:00
committed by GitHub
parent ba36572571
commit 48ea8ee939
14 changed files with 567 additions and 21 deletions
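
The divergence check summarised in the commit message (gate from the combined eph uncertainty plus lever-arm separation, immediate warning pre-arm, 2 s sustained in flight), as an added sketch that is not PX4's code. All struct and function names are hypothetical, and the gate is assumed to be the root-sum-square of both receivers' eph plus the antenna separation.

```cpp
#include <cmath>
#include <cstdint>
#include <cstdio>

// Added sketch: all names are hypothetical, not PX4 identifiers.
struct GnssFix {
	double north_m; // local horizontal position, metres
	double east_m;
	float eph_m;    // receiver-reported horizontal accuracy, metres
};

struct DivergenceMonitor {
	static constexpr uint64_t kSustainUs = 2000000; // 2 s in flight, per the commit message
	uint64_t diverging_since_us{0};
	bool diverging{false};

	// Assumed gate: root-sum-square of both eph values plus the antenna separation
	// implied by the configured lever arms.
	static bool exceedsGate(const GnssFix &a, const GnssFix &b, float lever_arm_sep_m)
	{
		const double dist = std::hypot(a.north_m - b.north_m, a.east_m - b.east_m);
		const double gate = std::sqrt(double(a.eph_m) * a.eph_m + double(b.eph_m) * b.eph_m) + lever_arm_sep_m;
		return dist > gate;
	}

	// Returns true when the divergence should be reported.
	bool update(const GnssFix &a, const GnssFix &b, float lever_arm_sep_m, uint64_t now_us, bool armed)
	{
		if (!exceedsGate(a, b, lever_arm_sep_m)) {
			diverging = false; // one consistent sample restarts the timer
			return false;
		}
		if (!diverging) {
			diverging = true;
			diverging_since_us = now_us;
		}
		if (!armed) { return true; } // pre-arm: warn immediately
		return (now_us - diverging_since_us) >= kSustainUs; // in flight: must persist
	}
};

int main()
{
	DivergenceMonitor m; // constructed samples: receiver B jumps 5 m away from A
	const GnssFix a{0.0, 0.0, 1.0f}, far{5.0, 0.0, 1.0f};
	for (uint64_t t = 1000000; t <= 3000000; t += 500000) {
		std::printf("t=%llu us report=%d\n", (unsigned long long)t, m.update(a, far, 0.3f, t, true));
	}
	return 0;
}
```
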
@@ -61,3 +61,4 @@ bool position_accuracy_low # Position estimate has dropped below thre
bool navigator_failure # Navigator failed to execute a mode
bool parachute_unhealthy # Parachute system missing or unhealthy
bool remote_id_unhealthy # Remote ID (Open Drone ID) system missing or unhealthy
bool gnss_lost # Active GNSS count dropped below SYS_HAS_NUM_GNSS, or two receivers report inconsistent positions
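
Review bot: the added `gnss_lost` field folds two different conditions into one boolean, since its comment says it is set both when the active GNSS count drops below SYS_HAS_NUM_GNSS and when two receivers report inconsistent positions. A consumer of this flag, or someone reading a log, cannot tell a missing receiver from two receivers that disagree, and the name only describes the first case. Consider a separate flag for the inconsistency case, or a name that covers both, and shorten the trailing comment to match the neighbouring fields, leaving the detail to the parameter documentation.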