Resolves issue #1423, Add registry user expansion tests and update coverage

[afoote-mitre]

Closes Issue #1423

Summary

Adds registry user expansion/update support and expands unit and integration coverage around registry org/user behavior, user membership fields, and shared utility helpers.

During test development, several implementation gaps were found and fixed. The public registry user request/response schemas exposed org_affiliations and cve_program_org_membership, but the internal BaseUser.json validator did not allow those fields and baseuser.js did not persist them. Also, registry user update flows could fail when clients sent back a fetched user object because registry-user.controller.js validated server-managed timestamp fields before stripping them. These gaps caused valid registry user updates to return 400; the implementation now aligns validation, persistence, and update handling with the documented registry user shape.

Important Changes

src/controller/registry-user.controller/registry-user.controller.js

• Allows full read-modify-write update payloads by ignoring server-managed timestamp fields.
• Preserves registry membership fields during update validation.

schemas/registry-user/BaseUser.json

• Added validation support for org_affiliations and cve_program_org_membership.

src/model/baseuser.js

• Added persistence support for registry user organization membership arrays.

src/controller/user.controller/error.js

• Added missing registry user creation error helpers for UUID, duplicate user, and user-limit failures.

test/integration-tests/

• Added registry user CRUD coverage.
• Added user listing coverage.
• Added update coverage for org_affiliations and cve_program_org_membership.

test/unit-tests/

• Added controller coverage for registry org and registry user edge cases.
• Added repository helper coverage.
• Added utility coverage for date-only and empty-value helpers.
• Added BaseUser model validation coverage for registry membership fields.

Testing

Steps to manually test updated functionality, if possible

• 1) Run NODE_ENV=test node node_modules/mocha/bin/mocha test/unit-tests --recursive --exit.
• 2) Run NODE_ENV=test node node_modules/mocha/bin/mocha test/integration-tests/registry-user test/integration-tests/user --recursive --exit.
• 3) Verify GET /api/registry/org/{short_name}?expand=users returns _userMap when the expansion implementation is present.
• 4) Create a registry user, update it by UUID, then delete it through /api/registryUser/{UUID}.
• 5) Update a registry user with org_affiliations and cve_program_org_membership and confirm both fields persist.

[jdalphond-mitre]

I have tested this and it correctly does not return secretariat users as an org admin.
It does return the secretariat users as a secretariat.

[afoote-mitre]

I have tested this and it correctly does not return secretariat users as an org admin. It does return the secretariat users as a secretariat.

This comment was left on the wrong ticket, @jdalphond-mitre has not yet reviewed this one