Update RequestContentValidator to only validate fields from request payload and not pre-existing values stored in security index

[cwperks]

Description

This PR contains a fix for using PATCH API with the security plugin to update security configs like internal users.

This PR relates to the following 3 PRs:

• Create a WildcardMatcher.NONE when creating a WildcardMatcher with an empty string #5694
• Improve array validator to also check for blank string in addition to null #5714
• Filter blank backend role before creating internal user security-dashboards-plugin#2330

Prior to opensearch-project/security-dashboards-plugin#2330, when internal users would be created through OSD then they would automatically get empty string ("") pre-populated in the list of backend roles.

With the new API validations added in #5714, a user making a PATCH request can get a BAD_REQUEST error if the internaluser being edited has an empty string already stored in the security index regardless if the request payload is modifying this field.

For example in my internalusers.yml file I put:

anomalyadmin:
  hash: "$2y$12$TRwAAJgnNo67w3rVUz4FIeLx9Dy/llB79zf9I15CKJ9vkM4ZzAd3."
  reserved: false
  backend_roles:
    - ""

and then try to update the hash via API using PATCH. It fails:

> curl -XPATCH -k "https://admin:myStrongPassword123\!@localhost:9200/_opendistro/_security/api/internalusers" \
  -H "Content-Type: application/json" \
  --data '[
    {
      "op": "replace",
      "path": "/anomalyadmin/hash",
      "value": "myStrongPassword123!"
    }
  ]'
{"status":"error","reason":"`null` or blank values are not allowed as json array elements"}

With the change in this PR, the request would succeed bc the validation would only apply on the request payload itself.

• Category (Enhancement, New feature, Bug fix, Test fix, Refactoring, Maintenance, Documentation)

Bugfix

Check List

• New functionality includes testing
• New functionality has been documented
• New Roles/Permissions have a corresponding security dashboards plugin PR
• API changes companion pull request created
• Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

[codecov]

Codecov Report

❌ Patch coverage is 90.47619% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 74.04%. Comparing base (db9efb6) to head (52eb6ca).
⚠️ Report is 1 commits behind head on main.

Files with missing lines	Patch %	Lines
.../dlic/rest/validation/RequestContentValidator.java	90.47%	0 Missing and 2 partials ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #6061      +/-   ##
==========================================
+ Coverage   73.98%   74.04%   +0.05%     
==========================================
  Files         441      441              
  Lines       27413    27481      +68     
  Branches     4110     4123      +13     
==========================================
+ Hits        20281    20347      +66     
  Misses       5193     5193              
- Partials     1939     1941       +2     

Files with missing lines	Coverage Δ
.../dlic/rest/validation/RequestContentValidator.java	86.50% <90.47%> (+0.22%)	⬆️

... and 9 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.