SEO: port Google site auto-verify to the Settings tab

[angelablake]

Proposed changes

Ports the Google site auto-verify flow into the new Jetpack SEO admin page (Settings → Site verification), replacing the legacy Jetpack → Settings → Traffic UI with a cleaner design. Part of the Jetpack SEO product split; addresses JETPACK-1686 (a #5b parity item — the old Traffic page can't be retired until this exists on the new admin).

Targets trunk — the Settings tab it builds on (#49256) is already merged, so this is independent of the in-flight Content/AI PRs.

What it does

• Connected sites: a Verify with Google button opens the WordPress.com keyring OAuth popup; on success the returned keyring id is POSTed to the existing jetpack/v4/verify-site/google endpoint to verify the site. Live verified status is fetched on mount.
• Verified state: shows a "Verified" badge and, for site owners, a View in Google Search Console link (from the endpoint's data).
• Manual fallback: pasting the meta-tag code is always available as a disclosure, and is the only option on disconnected self-hosted sites (no keyring).
• The other four services (Bing/Pinterest/Yandex/Facebook) are unchanged simple code fields.

Implementation notes

• Initializer::get_google_verify_data() bootstraps seo.google_verify = the keyring connect URL (Keyring_Helper::connect_url( 'google_site_verification', 'other' )) + whether the current user is connected (Connection\Manager::is_user_connected()). Both are provided by the host plugin, so they're guarded with class_exists (same pattern as the other plugin-provided helpers); on a disconnected site they degrade to empty URL / not-connected.
• The keyring popup uses the standard @automattic/request-external-access package (already used by Forms / external-connections) — one new dependency.
• No new REST and no new storage: reuses jetpack/v4/verify-site/google (GET status + POST verify) and the existing verification_services_codes option.
• Design uses current design-system primitives (@wordpress/ui Badge/Link/Stack, @wordpress/components Button with isBusy). The legacy "Google will email about hacked / crawling-indexing…" blurb was intentionally dropped as clutter.

Other information

• New tests? — a contract test for the get_google_verify_data() bootstrap shape.
• Changelog entry added.

Does this pull request change what data or activity we track or use?

No new data or telemetry. It relocates an existing verification flow and reuses the same endpoints/option.

Testing instructions

The SEO dashboard is behind the rsm_jetpack_seo feature flag — enable it on the test site (add_filter( 'rsm_jetpack_seo', '__return_true' );) with the seo-tools module active.

On a connected site with the Settings tab:

1. Go to SEO → Settings → Site verification. The Google row shows a verified/not-verified status.
2. If not verified: click Verify with Google, complete the WordPress.com popup, and confirm the row flips to Verified (with a Search Console link if you own the property).
3. Confirm Enter a code manually reveals a field that still saves the meta-tag code.
4. Confirm Bing/Pinterest/Yandex/Facebook fields are unchanged and still save.

On a disconnected self-hosted site:
5. Confirm the Google row shows only the manual code field (no Verify button).

[github-actions]

Are you an Automattician? Please test your changes on all WordPress.com environments to help mitigate accidental explosions.

• To test on WoA, go to the Plugins menu on a WoA dev site. Click on the "Upload" button and follow the upgrade flow to be able to upload, install, and activate the Jetpack Beta plugin. Once the plugin is active, go to Jetpack > Jetpack Beta, select your plugin (Jetpack or WordPress.com Site Helper), and enable the add/jetpack-seo-google-verify branch.
• To test on Simple, run the following command on your sandbox:

bin/jetpack-downloader test jetpack add/jetpack-seo-google-verify

bin/jetpack-downloader test jetpack-mu-wpcom-plugin add/jetpack-seo-google-verify

Interested in more tips and information?

• In your local development environment, use the jetpack rsync command to sync your changes to a WoA dev blog.
• Read more about our development workflow here: PCYsg-eg0-p2
• Figure out when your changes will be shipped to customers here: PCYsg-eg5-p2

[github-actions]

Thank you for your PR!

When contributing to Jetpack, we have a few suggestions that can help us test and review your patch:

• ✅ Include a description of your PR changes.
  
• 🔴 Add a "[Status]" label (In Progress, Needs Review, ...).
  
• ✅ Add testing instructions.
  
• ✅ Specify whether this PR includes any changes to data or privacy.
  
• ✅ Add changelog entries to affected projects
  

This comment will be updated as you work on your PR and make changes. If you think that some of those checks are not needed for your PR, please explain why you think so. Thanks for cooperation 🤖

---

Follow this PR Review Process:

1. Ensure all required checks appearing at the bottom of this PR are passing.
2. Make sure to test your changes on all platforms that it applies to. You're responsible for the quality of the code you ship.
3. You can use GitHub's Reviewers functionality to request a review.
4. When it's reviewed and merged, you will be pinged in Slack to deploy the changes to WordPress.com simple once the build is done.

If you have questions about anything, reach out in #jetpack-developers for guidance!

[jp-launch-control]

Code Coverage Summary

This PR did not change code coverage!

That could be good or bad, depending on the situation. Everything covered before, and still is? Great! Nothing was covered before? Not so great. 🤷

Full summary · PHP report · JS report