Resolves issue #1830, move advisory scraping fields out of program_data and require joint approval.

[david-rocca]

Closes Issue #1830

Summary

Moved advisory_location_require_credentials and vulnerability_advisory_location_for_web_scraping to root-level registry org fields and added them to the joint approval workflow for org admin updates.

Important Changes

src/model/baseorg.js

• Moved advisory credential and web scraping advisory fields out of program_data.
• Prevented the web scraping locations array from appearing as an empty default value.

schemas/registry-org/*.json

• Updated registry org request/response/base/discriminator schemas to accept and return the two fields at root level.

src/constants/index.js

• Added the two root-level fields to JOINT_APPROVAL_FIELDS.
• Removed the old nested program_data.* entries from Secretariat-only fields.

src/controller/*/middleware.js

• Updated registry org parsing and validation to use the new root-level field paths.

test/integration-tests/registry-org/registryOrgWithJointReviewTest.js

• Added regression coverage for org admin updates requiring joint approval for the two fields.

Testing

Steps to manually test updated functionality, if possible

• 1) Create or update a registry org as Secretariat with the two fields at root level.
• 2) Verify the fields are returned at root level and not inside program_data.
• 3) As an org admin, update those fields on the admin’s own org.
• 4) Verify the response says joint approval is required and the live org is not directly updated.
• 5) As Secretariat, verify the pending review object contains the requested root-level field values.

Notes

• Ran bash -i -c "npm run test:integration" successfully.