SEAB-6173: Fix miscellaneous "fuzzing bugs"

[svonworl]

Description This PR fixes the bugs that were uncovered during fuzz testing by the requests listed in https://ucsc-cgl.atlassian.net/browse/SEAB-6173, with the exception of the api/containers/schema/514/published request, which resulted in more extensive changes and is fixed in PR https://github.com/dockstore/dockstore/pull/5860.

I added some inline PR comments that describe what was fixed, and how.

Note that the "NUL character" bug is not fixed: https://github.com/dockstore/dockstore/pull/5862#issuecomment-2037911466

Review Instructions Try the requests that are described in the issue, and confirm that the responses make sense and are not 500 status/error codes.

Issue https://ucsc-cgl.atlassian.net/browse/SEAB-6173

Security and Privacy

No concerns.

• [x] Security and Privacy assessed

e.g. Does this change...

• Any user data we collect, or data location?
• Access control, authentication or authorization?
• Encryption features?

Please make sure that you've checked the following before submitting your pull request. Thanks!

• [x] Check that you pass the basic style checks and unit tests by running mvn clean install
• [x] Ensure that the PR targets the correct branch. Check the milestone or fix version of the ticket.
• [x] Follow the existing JPA patterns for queries, using named parameters, to avoid SQL injection
• [x] If you are changing dependencies, check the Snyk status check or the dashboard to ensure you are not introducing new high/critical vulnerabilities
• [x] Assume that inputs to the API can be malicious, and sanitize and/or check for Denial of Service type values, e.g., massive sizes
• [x] Do not serve user-uploaded binary images through the Dockstore API
• [x] Ensure that endpoints that only allow privileged access enforce that with the @RolesAllowed annotation
• [x] Do not create cookies, although this may change in the future
• [x] If this PR is for a user-facing feature, create and link a documentation ticket for this feature (usually in the same milestone as the linked issue). Style points if you create a documentation PR directly and link that instead.

[codecov[bot]]

Codecov Report

Attention: Patch coverage is 38.09524% with 13 lines in your changes are missing coverage. Please review.

Project coverage is 74.52%. Comparing base (f03a1b4) to head (8f55ad4).

Files	Patch %	Lines
.../java/io/openapi/api/impl/ToolsApiServiceImpl.java	0.00%	11 Missing :warning:
...in/java/io/dockstore/webservice/jdbi/EntryDAO.java	60.00%	0 Missing and 2 partials :warning:

Additional details and impacted files

```diff @@ Coverage Diff @@ ## develop #5862 +/- ## ============================================== + Coverage 28.88% 74.52% +45.63% - Complexity 2087 5276 +3189 ============================================== Files 369 369 Lines 19060 19063 +3 Branches 2025 2026 +1 ============================================== + Hits 5506 14207 +8701 + Misses 13123 3893 -9230 - Partials 431 963 +532 ``` | [Flag](https://app.codecov.io/gh/dockstore/dockstore/pull/5862/flags?src=pr&el=flags&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=dockstore) | Coverage Δ | | |---|---|---| | [bitbuckettests](https://app.codecov.io/gh/dockstore/dockstore/pull/5862/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=dockstore) | `27.06% <14.28%> (?)` | | | [integrationtests](https://app.codecov.io/gh/dockstore/dockstore/pull/5862/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=dockstore) | `58.54% <23.80%> (?)` | | | [languageparsingtests](https://app.codecov.io/gh/dockstore/dockstore/pull/5862/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=dockstore) | `11.01% <14.28%> (?)` | | | [localstacktests](https://app.codecov.io/gh/dockstore/dockstore/pull/5862/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=dockstore) | `21.58% <14.28%> (?)` | | | [toolintegrationtests](https://app.codecov.io/gh/dockstore/dockstore/pull/5862/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=dockstore) | `30.43% <14.28%> (?)` | | | [unit-tests_and_non-confidential-tests](https://app.codecov.io/gh/dockstore/dockstore/pull/5862/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=dockstore) | `28.88% <0.00%> (-0.01%)` | :arrow_down: | | [workflowintegrationtests](https://app.codecov.io/gh/dockstore/dockstore/pull/5862/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=dockstore) | `38.64% <33.33%> (?)` | | Flags with carried forward coverage won't be shown. [Click here](https://docs.codecov.io/docs/carryforward-flags?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=dockstore#carryforward-flags-in-the-pull-request-comment) to find out more.

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

[svonworl]

Ooops. forgot to note that the /api/categories?name=%00 request is not fixed. It happens because postgres doesn't like storing the NUL character (value 0) or accepting it in queries. The problem can be triggered on any endpoint that accepts a QueryParam and passes it on to the database, and there is no simple, straightforward fix (that I know of). So, we'll leave it as is for now.

[sonarcloud[bot]]

Quality Gate failed

Failed conditions
44.4% Coverage on New Code (required ≥ 80%)

See analysis details on SonarCloud