platformplatform / PlatformPlatform

Alpha state. A platform designed for building enterprise-grade, multi-tenant products using Azure, .NET, React, TypeScript, Infrastructure as Code, etc.
https://platformplatform.github.io
MIT License

Add tenant isolation on aggregates that belong to a tenant #585

Closed tjementum closed 2 months ago

tjementum commented 2 months ago

Summary & Motivation

Introduce tenant isolation for Domain-Driven Design (DDD) Aggregates by adding a new ITenantScopedEntity interface. This ensures that only users logged into a tenant can fetch aggregates that belong to that specific tenant.

The implementation leverages Entity Framework query filters, automatically scoping all queries and commands to the current tenant. A new IExecutionContext concept has been introduced, with HttpExecutionContext for APIs and BackgroundWorkerExecutionContext for workers. The execution context carries the TenantId and UserInfo from the Access Token JWT, ensuring tenant-specific data handling throughout the system.

This tenant-scoping mechanism is now a dependency of the SharedKernel DBContext, used by all self-contained systems, ensuring all database communication is scoped to the current tenant in the execution context.

Certain user-related operations, like fetching a user by email when a user logs in, require bypassing the global tenant filter. To handle this, UserRepository.GetUserByEmailAsync() and other methods like .IsEmailFreeAsync() have been updated to use .IgnoreQueryFilters(). A new .GetByIdGlobalAsync() method has also been added for globally-scoped user lookups.

Significant updates have been made to the test suite to accommodate these changes. The DataBaseSeeder has been simplified to create only one tenant and user for authenticated endpoint testing. Seed data for other tests is now injected directly into the tests using SqliteConnectionExtensions.

Additionally, the UseSinglePageAppFallback has been updated to use the ExecutionContext for injecting environment data into index.html.

Checklist
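
Added example, not part of the pull request and not PlatformPlatform's own code: a minimal sketch of the pattern the summary describes, an EF Core global query filter driven by the execution context, with the login lookup opting out through .IgnoreQueryFilters(). The member shapes of ITenantScopedEntity and IExecutionContext, the string tenant id, the AppDbContext and User types, and the write guard in SaveChangesAsync are assumptions made for illustration; the summary only describes query filters.

```csharp
using System;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.EntityFrameworkCore;

// Assumed shapes: the PR names these types, but this page does not show their members.
public interface ITenantScopedEntity { string TenantId { get; } }
public interface IExecutionContext { string? TenantId { get; } }

public class User : ITenantScopedEntity
{
    public long Id { get; set; }
    public string TenantId { get; set; } = "";
    public string Email { get; set; } = "";
}

public class AppDbContext(DbContextOptions<AppDbContext> options, IExecutionContext executionContext)
    : DbContext(options)
{
    // EF Core re-evaluates context members referenced by a filter on every query,
    // so the filter follows the tenant of the current execution context.
    private string? CurrentTenantId => executionContext.TenantId;
    public DbSet<User> Users => Set<User>();

    protected override void OnModelCreating(ModelBuilder modelBuilder) =>
        // TenantId is a required column, so a null current tenant matches no rows.
        modelBuilder.Entity<User>().HasQueryFilter(u => u.TenantId == CurrentTenantId);

    public override Task<int> SaveChangesAsync(CancellationToken cancellationToken = default)
    {
        // Assumed extra guard: query filters restrict reads only, so reject cross-tenant writes.
        foreach (var entry in ChangeTracker.Entries<ITenantScopedEntity>())
            if (entry.State != EntityState.Unchanged && entry.Entity.TenantId != CurrentTenantId)
                throw new InvalidOperationException("Entity belongs to a different tenant.");
        return base.SaveChangesAsync(cancellationToken);
    }
}

public class UserRepository(AppDbContext db)
{
    // Tenant-scoped: the global filter is applied implicitly.
    public Task<User?> GetByIdAsync(long id, CancellationToken ct) =>
        db.Users.SingleOrDefaultAsync(u => u.Id == id, ct);

    // Login lookup: runs before a tenant is known, so it opts out explicitly.
    public Task<User?> GetUserByEmailAsync(string email, CancellationToken ct) =>
        db.Users.IgnoreQueryFilters().SingleOrDefaultAsync(u => u.Email == email, ct);
}
```

Every .IgnoreQueryFilters() call site is a cross-tenant read, so keeping them confined to a few named repository methods makes them easy to enumerate in review.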

sonarcloud[bot] commented 2 months ago

Quality Gate passed

Issues
4 New issues
0 Accepted issues

Measures
0 Security Hotspots
70.9% Coverage on New Code
0.0% Duplication on New Code
