Test conformance of gov API implementation to documented OpenAPI descriptions

[eddyashton]

Hoping to do this automatically, perhaps with a generated client or OpenAPI-based fuzzer.

2 known discrepancies noted in #5660, which should be modified in the OpenAPI (TypeSpec) source:

• previousServiceCreation in /service/info. Decide whether this is a version, TxID, or cert
• SNP endorsements in /service/join-policy. Feed info is a known object, not a single string

[eddyashton]

2 further discrepancies, added in #5698:

• /members and /member/{memberId} responses include publicEncryptionKey, if present
• /jwk response includes a keys field, describing current JWKs and not merely their issuers

[ivarprudnikov]

Hoping to do this automatically, perhaps with a generated client or OpenAPI-based fuzzer.

There was an issue related to fuzzing some time ago #1199 might be helpful to link it here

[eddyashton]

• Acks.StateDigest response currently returns stateDigest and memberId, but spec says single field called digest

[achamayou]

previousServiceCreation in /service/info. Decide whether this is a version, TxID, or cert

This is exposing previous_service_identity_version, which is set during the transition to open the service.

The last term of the previous service and the cert will both require a historical query, which will have much more of an API impact that we want to have for this iteration, so it's going to be the version.

[eddyashton]

#6118 proposes adding 2 new endpoints, which should be added to the TypeSpec/OpenAPI:

• GET /gov/service/users - Returns list of users
• GET /gov/service/users/{userId} - Returns single users

Where the user schema is an object containing {userId = str, certificate = PEM str, userData = null | JSON}.