CDD-3099 update non public caching

[kathryn-dale]

Description

This PR includes the following:

• Add JWT detection middleware to identify if the request comes from a public or non-public user

• If the request comes from a non-public user, bypass the cache and calculate the data fresh. This newly calculated data should NOT be saved in the cache

• This work only covers the private api. It has been agreed to leave the public api for now, as private data is not returned from the public api currently, and it has been agreed not to use it for non public data in the immediate future.

Fixes #CDD-3099

---

Type of change

Please select the options that are relevant.

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Tech debt item (this is focused solely on addressing any relevant technical debt)

---

Checklist:

• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• I have added tests at the right levels to prove my change is effective
• I have added screenshots or screen grabs where appropriate
• I have added docstrings in the correct style (google)

[kathryn-dale]

From a discussion with @mattjreynolds

So the jwt validation (or any Django Authentication middleware) will set the values of request.user (to an instance of the User model) and request.auth (that will contain the valid auth - in this case the decoded jwt). So you should be able to just do simple check along the lines of valid_jwt = request.auth  (request.auth will be set to None for a public (unauthenticated) request). We could decide later on to make that check more specific (once we've figured out exactly how permissions are going to look) at which point we may shift it to calling a function on the permission sets model attached to the user, so something like valid_jwt = request.user.permission_sets.is_valid()  but I think to keep it simple for now, just checking request.auth will be fine, and that will mean your code will just start working as long as it gets merged after mine.

Blocking this work until CDD-3058 is merged and this can be properly tested and completed

[kathryn-dale]

I have reached out to @phill-stanley regarding the sonarqube failures. Namely:

• There are two versions of the public api which are remarkably similar. This has necessitated duplicate code in the testing, which has crossed the threshold of tolerated levels of duplication

I have also reached out to @mattjreynolds to discuss where the JWT validation should live, to see if it logically can move so it doesn't break the contract

[sonarqubecloud]

Quality Gate failed

Failed conditions
32.3% Duplication on New Code (required ≤ 3%)

See analysis details on SonarQube Cloud