PATCH branch-protection updates check list even when checks are disabled (#26351)

Fixes: #26333.

Previously, this endpoint only updates the `StatusCheckContexts` field
when `EnableStatusCheck==true`, which makes it impossible to clear the
array otherwise.

This patch uses slice `nil`-ness to decide whether to update the list of
checks. The field is ignored when either the client explicitly passes in
a null, or just omits the field from the json ([which causes
`json.Unmarshal` to leave the struct field
unchanged](https://go.dev/play/p/Z2XHOILuB1Q)). I think this is a better
measure of intent than whether the `EnableStatusCheck` flag was set,
because it matches the semantics of other field types.

Also adds a test case. I noticed that [`testAPIEditBranchProtection`
only checks the branch
name](c1c83dbaec/tests/integration/api_branch_test.go (L68))
and no other fields, so I added some extra `GET` calls and specific
checks to make sure the fields are changing properly.

I added those checks the existing integration test; is that the right
place for it?

routers/api/v1/repo/branch.go

 	if form.EnableStatusCheck != nil {
 		protectBranch.EnableStatusCheck = *form.EnableStatusCheck
 	}
-	if protectBranch.EnableStatusCheck {
+
+	if form.StatusCheckContexts != nil {
 		protectBranch.StatusCheckContexts = form.StatusCheckContexts
 	}
 

tests/integration/api_branch_test.go

 	assert.True(t, branch.UserCanMerge)
 }
 
-func testAPIGetBranchProtection(t *testing.T, branchName string, expectedHTTPStatus int) {
+func testAPIGetBranchProtection(t *testing.T, branchName string, expectedHTTPStatus int) *api.BranchProtection {
 	token := getUserToken(t, "user2", auth_model.AccessTokenScopeReadRepository)
 	req := NewRequestf(t, "GET", "/api/v1/repos/user2/repo1/branch_protections/%s?token=%s", branchName, token)
 	resp := MakeRequest(t, req, expectedHTTPStatus)
 		var branchProtection api.BranchProtection
 		DecodeJSON(t, resp, &branchProtection)
 		assert.EqualValues(t, branchName, branchProtection.RuleName)
+		return &branchProtection
 	}
+	return nil
 }
 
 func testAPICreateBranchProtection(t *testing.T, branchName string, expectedHTTPStatus int) {
 		EnablePush: true,
 	}, http.StatusOK)
 
+	// enable status checks, require the "test1" check to pass
+	testAPIEditBranchProtection(t, "master", &api.BranchProtection{
+		EnableStatusCheck:   true,
+		StatusCheckContexts: []string{"test1"},
+	}, http.StatusOK)
+	bp := testAPIGetBranchProtection(t, "master", http.StatusOK)
+	assert.Equal(t, true, bp.EnableStatusCheck)
+	assert.Equal(t, []string{"test1"}, bp.StatusCheckContexts)
+
+	// disable status checks, clear the list of required checks
+	testAPIEditBranchProtection(t, "master", &api.BranchProtection{
+		EnableStatusCheck:   false,
+		StatusCheckContexts: []string{},
+	}, http.StatusOK)
+	bp = testAPIGetBranchProtection(t, "master", http.StatusOK)
+	assert.Equal(t, false, bp.EnableStatusCheck)
+	assert.Equal(t, []string{}, bp.StatusCheckContexts)
+
 	testAPIDeleteBranchProtection(t, "master", http.StatusNoContent)
 
 	// Test branch deletion