Don't use custom bypass in SIA

[etnoy]

Breaking change

This is potentially a breaking change if anybody depends on the CUSTOM_BYPASS state being relayed.

Proposed change

This is a followup on #119168 that goes one step further and removes CUSTOM_BYPASS from the SIA integration. Currently, the SIA code "CF" is sent when "the system has been armed with malfunctions using", quoting the official SIA code list from Ajax: https://docs.google.com/spreadsheets/d/1-N-RZVS8IiwM5zuw2u4gt8Bx_5xo_JOwuagHJgSJxUw/edit?gid=920971512#gid=920971512

Why do we remove the CUSTOM_BYPASS state? First, it happens quite often in Ajax. If you have a device with a low battery, if you have system integrity enabled and arm with a door opened, or something similar, then you need to confirm arming in the Ajax app before arming. After that, the system does arm, and the Ajax app shows the state "Armed".

However, in that state, the SIA integration in HA will not say "Armed" but "Armed custom bypass". I argue that this is unneccessary and that it should say just "Armed". Having a low device battery does should not, in my opinion, change the state from the logical "Armed" state. This can make it hard to write integration since you need to handle the CUSTOM_BYPASS state when the system actually is armed.

I understand that this change is opinionated but I'm open to discussion

Type of change

• Dependency upgrade
• Bugfix (non-breaking change which fixes an issue)
• New integration (thank you!)
• New feature (which adds functionality to an existing integration)
• Deprecation (breaking change to happen in the future)
• Breaking change (fix/feature causing existing functionality to break)
• Code quality improvements to existing code or addition of tests

Additional information

• This PR fixes or closes issue: fixes #
• This PR is related to issue:
• Link to documentation pull request:

Checklist

• The code change is tested and works locally.
• Local tests pass. Your PR cannot be merged unless tests pass
• There is no commented out code in this PR.
• I have followed the development checklist
• I have followed the perfect PR recommendations
• The code has been formatted using Ruff (ruff format homeassistant tests)
• Tests have been added to verify that the new code works.

If user exposed functionality or configuration variables are added/changed:

• Documentation added/updated for www.home-assistant.io

If the code communicates with devices, web services, or third-party tools:

• The manifest file has all fields filled out correctly.
  Updated and included derived files by running: python3 -m script.hassfest.
• New or updated dependencies have been added to requirements_all.txt.
  Updated by running python3 -m script.gen_requirements_all.
• For the updated dependencies - a link to the changelog, or at minimum a diff between library versions is added to the PR description.

To help with the load of incoming pull requests:

• I have reviewed two other open pull requests in this repository.

[home-assistant]

Hey there @eavanvalkenburg, mind taking a look at this pull request as it has been labeled with an integration (sia) you are listed as a code owner for? Thanks!

Code owner commands

Code owners of sia can trigger bot actions by commenting:

• @home-assistant close Closes the pull request.
• @home-assistant rename Awesome new title Renames the pull request.
• @home-assistant reopen Reopen the pull request.
• @home-assistant unassign sia Removes the current integration label and assignees on the pull request, add the integration domain after the command.
• @home-assistant add-label needs-more-information Add a label (needs-more-information, problem in dependency, problem in custom component) to the pull request.
• @home-assistant remove-label needs-more-information Remove a label (needs-more-information, problem in dependency, problem in custom component) on the pull request.

[zweckj]

So you would need to explain the "Breaking changes" section a bit better, as this is what would be shown in the release notes to the users so they understand that change and the impact.
Secondly, in what scenarios would/could it be interesting to users to actually differentiate between "Armed" and "armed custom bypass"? If it is interesting enough you could allow the user to customize the behaviour (separate/one state) through options.