[BORKED] Cybersecurity Audit

[awatson1978]

New Environment Variables DEBUG_ACCOUNTS - For debugging the Accounts and Authentication subsystems. DEBUG_CRYPTO - For debugging public/private key infrastructure, UDAP, JWT, and other cryptography.

Security Enhancements

• NoSQL Injection Prevention: sanitize() coding pattern introduced for .find() and .findOne() calls.

Meteor Settings

• Meteor.settings.private.invitationExpiry - Invitation code expiration date. Expected format is YYYY-MM-DD
• Meteor.settings.private.enablePublicUnrestrictedData - Enables public registry data. Data that has a security label of unrestricted will be published to anonymous users not logged in.
• Meteor.settings.public.defaults.defaultUserRole - The default user role that new accounts get created as.

Breaking Changes

• eslint removed from project. Migrated to GitHub workflows and post-commit hooks.

[awatson1978]

Replaced by PR #172, due to a bug in the validateLogin() function. Due to the number of files changed during a gnarly refactor, was easiest to revert and do a branch rebuild.