jimfuqian/BB2-3267-SPIKE: Deprecate mbi hash based patient lookup in authorization flow

[JFU-NAVA-PBC]

JIRA Ticket: BB2-3267

Description:

This has been requested by the BFD team. Hashed MBIs will no longer be supported, per BFD.

Accordingly, BB2 needs to make changes to API and API docs to be consistent with that policy change.

Out of scope: Deprecating HICN use

What Does This PR Do?

Prototyped a working bb2 server where the OAUTH authorization flow used a mbi patient lookup instead of mbi_hash based lookup.

What Should Reviewers Watch For?

If you're reviewing this PR, please check for these things in particular:

To test:

1. Checkout the PR
2. Spin up a local BB2
3. Do a round trip authorization using built in test client

Locate code sections where the changes happen:

Comments added with the mark "BB2-3267" - search "BB2-3267" from your IDE to quick locate code that has the changes.

Dev Note:

Bunch of unit tests Error out which are expected, the PR does not fix tests to save time. Fixing testing will be AC in the following impl ticket.

Validation

What Security Implications Does This PR Have?

Please indicate if this PR does any of the following:

• Adds any new software dependencies

• Modifies any security controls

• Adds new transmission or storage of data

• Any other changes that could possibly affect security?

• [ ] Yes, one or more of the above security implications apply. This PR must not be merged without the ISSO or team security engineer's approval.

Any Migrations?

• [ ] Yes, there are migrations
  • [ ] The migrations should be run PRIOR to the code being deployed
  • [ ] The migrations should be run AFTER the code is deployed
  • [ ] There is a more complicated migration plan (downtime, etc)
• [x] No migrations

[JFU-NAVA-PBC]

closed due to https://github.com/CMSgov/bluebutton-web-server/pull/1239 is up for review