SPINEDEM-5192 Create privileged access mode

[dlzhry2nhs]

Summary

• ✨ New Feature

Key Changes:
Proxy logic:

• Adds an additional form of Level 3 application restricted access mode named privileged-application-restricted
• Logic added to proxy flow to account for this new scope and access mode
• Several RaiseFault components updated to dynamically include the access mode as a string in the error message
• Refactored the regex used for scope checking. Validated through manual testing of expression and the full regression set of pipeline tests (the code is in the infrastructure definitions rather than a JS file, so is trickier to unit test).

Tests

• Adds new tests for privileged access mode. For now, expected behaviour is identical to standard application-restricted. In the next PR, once the spine side changes are available, we will need to add assertions to verify that S-Flag details are returned in privileged access mode
• A new Apigee app was added which specifically has privileged access mode. Pipelines and env vars updated accordingly.

Reviews Required

• Dev
• Test

Review Checklist

ℹ️ This section is to be filled in by the reviewer.

• I have reviewed the changes in this PR and they fill all or part of the acceptance criteria of the ticket, and the code is in a mergeable state.
• If there were infrastructure, operational, or build changes, I have made sure there is sufficient evidence that the changes will work.

[github-actions]

This branch is working on a ticket in the NHS Digital APM JIRA Project. Here's a handy link to the ticket:

SPINEDEM-5192

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud