Altinn / altinn-events

Altinn platform microservice for handling events
MIT License

Store organisation number for creator and consumer of subscription #471

Closed SandGrainOne closed 7 months ago

SandGrainOne commented 8 months ago

Description

This issue depends on issue #469 and is blocked until that change is in place.

The wanted outcome of this issue is to support authorization of a new subscription with the organization number of the caller, and then to keep the organization number for future authorization in the push logic. This replaces the use of partyId, but only in cases where the ClaimsPrincipal has no references to a user. Most bearer tokens will still have a userid.

The goal here is to support policies where access subject contains organization numbers. Remember to isolate this new logic to Generic Events.

Rule from resource ttd-altinn-events-automated-tests in at23:

<xacml:Rule RuleId="urn:altinn:example:ruleid:3" Effect="Permit">
    <xacml:Description>A rule giving organisation 312508729 the right to subscribe to events registered by the ttd-altinn-events-automated-tests resource</xacml:Description>
    <xacml:Target>
        <xacml:AnyOf>
            <xacml:AllOf>
                <xacml:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
                    <xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">312508729</xacml:AttributeValue>
                    <xacml:AttributeDesignator AttributeId="urn:altinn:organizationnumber" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
                </xacml:Match>
            </xacml:AllOf>
        </xacml:AnyOf>
        <xacml:AnyOf>
            <xacml:AllOf>
                <xacml:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
                    <xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">ttd-altinn-events-automated-tests</xacml:AttributeValue>
                    <xacml:AttributeDesignator AttributeId="urn:altinn:resource" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
                </xacml:Match>
            </xacml:AllOf>
        </xacml:AnyOf>
        <xacml:AnyOf>
            <xacml:AllOf>
                <xacml:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
                    <xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">subscribe</xacml:AttributeValue>
                    <xacml:AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
                </xacml:Match>
            </xacml:AllOf>
        </xacml:AnyOf>
    </xacml:Target>
</xacml:Rule>

Tasks

Acceptance Criteria

Testing
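As an added example (not code from the issue or from the altinn-events repository), a small Python evaluator that runs the rule above against the attributes the subscription endpoint would send, using the organization number as access subject only when the token carries no user reference. The xmlns declaration on the copied rule, the claim keys userid/partyid/orgnumber and the urn:altinn:partyid attribute id are assumptions for the illustration.

```python
import xml.etree.ElementTree as ET
NS = {"xacml": "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"}  # XACML 3.0 core namespace, assumed for the snippet
SUBJECT = "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
RESOURCE = "urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
ACTION = "urn:oasis:names:tc:xacml:3.0:attribute-category:action"
STR = "http://www.w3.org/2001/XMLSchema#string"
# The rule from the issue, compacted onto fewer lines; only the xmlns declaration is added.
RULE_XML = f"""<xacml:Rule xmlns:xacml="{NS['xacml']}" RuleId="urn:altinn:example:ruleid:3" Effect="Permit"><xacml:Target>
<xacml:AnyOf><xacml:AllOf><xacml:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<xacml:AttributeValue DataType="{STR}">312508729</xacml:AttributeValue>
<xacml:AttributeDesignator AttributeId="urn:altinn:organizationnumber" Category="{SUBJECT}" DataType="{STR}" MustBePresent="false"/>
</xacml:Match></xacml:AllOf></xacml:AnyOf>
<xacml:AnyOf><xacml:AllOf><xacml:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<xacml:AttributeValue DataType="{STR}">ttd-altinn-events-automated-tests</xacml:AttributeValue>
<xacml:AttributeDesignator AttributeId="urn:altinn:resource" Category="{RESOURCE}" DataType="{STR}" MustBePresent="false"/>
</xacml:Match></xacml:AllOf></xacml:AnyOf>
<xacml:AnyOf><xacml:AllOf><xacml:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<xacml:AttributeValue DataType="{STR}">subscribe</xacml:AttributeValue>
<xacml:AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="{ACTION}" DataType="{STR}" MustBePresent="false"/>
</xacml:Match></xacml:AllOf></xacml:AnyOf></xacml:Target></xacml:Rule>"""

def match_ok(match, request):
    # string-equal between the rule literal and the request attribute; an absent attribute
    # simply fails to match (the rule says MustBePresent="false", so no Indeterminate result)
    wanted = match.find("xacml:AttributeValue", NS).text
    d = match.find("xacml:AttributeDesignator", NS)
    return request.get(d.get("Category"), {}).get(d.get("AttributeId")) == wanted

def evaluate_rule(rule_xml, request):
    """Target semantics: every <AnyOf> needs at least one <AllOf> whose <Match>es all hold."""
    rule = ET.fromstring(rule_xml)
    for any_of in rule.find("xacml:Target", NS).findall("xacml:AnyOf", NS):
        if not any(all(match_ok(m, request) for m in all_of.findall("xacml:Match", NS))
                   for all_of in any_of.findall("xacml:AllOf", NS)):
            return "NotApplicable"
    return rule.get("Effect")

def subject_attributes(claims):
    # Organization number becomes the access subject only when the token has no user reference;
    # a user token keeps being authorized on partyId. Claim keys and partyid attribute id are assumed.
    if "userid" in claims:
        return {"urn:altinn:partyid": claims["partyid"]}
    if "orgnumber" in claims:
        return {"urn:altinn:organizationnumber": claims["orgnumber"]}
    return {}

def authorize_subscribe(claims, resource):
    request = {SUBJECT: subject_attributes(claims), RESOURCE: {"urn:altinn:resource": resource},
               ACTION: {"urn:oasis:names:tc:xacml:1.0:action:action-id": "subscribe"}}
    return evaluate_rule(RULE_XML, request)
```

The last case in the test below shows the isolation the issue asks for: a token that references a user is still evaluated on partyId, so the organization rule does not apply to it even if the token also carries the organization number.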