fix(datastore): detach rollback context from transaction cancellation

[bhshkh]

Fix a lock contention and high-latency issue in RunInTransaction caused by failing to send Rollback commands when a context timer expires
or is canceled.

Fixes: b/346474631

[bhshkh]

Background (How Datastore Concurrency Works)

When a client updates records inside a Datastore transaction, the Datastore backend places an invisible transaction lock on those records. This prevents other transactions from making concurrent/conflicting changes.

These locks must be released as quickly as possible to avoid "database traffic jams":

1. If the transaction succeeds, it commits the changes and releases the lock.
2. If the transaction fails or is canceled, the client library must send a "Rollback" RPC. This tells Datastore to discard the changes and release the lock immediately.

---

The Bug

When users set a transaction timeout (e.g., using a 5-second context limit) and a Commit is slow or hangs:

1. The 5-second limit hits. The client correctly aborts the Commit.
2. The SDK catches this failure and attempts to run Rollback to release the locks.
3. The problem: The library attempted to send the Rollback RPC using the SAME parent context that had just expired. Since the context was already dead, our networking layer refused to send the Rollback out to the server.
4. Because the server never received a Rollback, it kept the locks active for up to 103 seconds (until a backend master timeout cleaned them up).
5. During this time, any new transaction trying to touch those records got blocked, piled up, and failed after 20 seconds with "too much contention" errors.

---

The Solution

This PR fixes the bug by ensuring the Rollback RPC always goes out, even if the parent context is cancelled or expired:

• Detached Context: We now wrap the rollback context in context.WithoutCancel(t.ctx). This creates a fresh, healthy context that maintains critical tracing metadata but ignores parental cancellation.
• Safe Timeout: We bound the rollback context with an independent 5-second limit so that it cannot block your application indefinitely if the network is completely broken.
• Immediate Lock Release: The Rollback RPC successfully reaches the server, properly releasing locks instantly, enabling subsequent retries to proceed without waiting.

[gemini-code-assist]

Code Review

This pull request updates the rollbackWithRetry method in datastore/transaction.go to use a detached context with a 5-second timeout, ensuring that rollback RPCs are executed even if the original context is cancelled or timed out. A corresponding test case, TestRunInTransaction_ContextCanceled, has been added to verify that rollbacks occur correctly under context cancellation. I have no feedback to provide.

[hongalex]

I understand the logic for why the rollbackCtx is needed, but why do we have to reset t.ctx back to the original context?

[bhshkh]

1. Avoid Side-Effects: rollbackCtx is cancelled immediately after rollbackWithRetry returns (via defer cancel()). If we don't restore t.ctx, the Transaction struct would be left holding a reference to a cancelled context.
2. Clearer Errors on Misuse: If the transaction is somehow reused after a failed rollback (where state might not be marked as expired), restoring origCtx ensures subsequent operations run under the user's original context (which might still be active) rather than failing immediately with a confusing context canceled error.
3. Memory Management: It prevents keeping the temporary rollbackCtx and its wrapper in memory if the Transaction object is held elsewhere.