feat(profile): secure and enhance address management endpoints #206

Open
NkwaTambe wants to merge 8 commits into main from feature/secure-address-management

@NkwaTambe
Contributor

This commit introduces several improvements to the customer profile and address management functionality.

  • JWT-based Client ID Retrieval:

    • The GET, POST, and PUT endpoints for addresses (/api/profile/addresses) now retrieve the client ID from the JWT token instead of a path variable. This enhances security by ensuring that users can only access and modify their own addresses.
    • The logic for extracting the client ID from the JWT has been centralized in a private method within the CustomerProfileService to avoid code duplication.
  • Role-Based Access Control:

    • All address-related endpoints now require the ROLE_KYC_MANAGER authority. This is enforced using the @PreAuthorize annotation.
  • Improved Update Logic:

    • The updateClientAddress method in FineractAddressService has been updated to support partial updates for all address fields, not just street and addressType.
  • Code Refactoring:

    • Replaced all string literals for JSON keys in FineractAddressService with constants to improve code quality and maintainability.
  • Documentation:

    • The customer_flow.md documentation has been extensively updated to reflect all of the above changes.
    • The documentation now clearly explains the new endpoints, the security model, the request payloads, and the expected responses.
    • It also provides detailed information on the allowed string values for addressType, stateProvince, and country, and clarifies how these are mapped to IDs in Fineract.
    • All cURL examples have been updated to use the new endpoints and reflect the new security model.

@NkwaTambe NkwaTambe self-assigned this Feb 20, 2026
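
The first two points of the description, sketched as an added example that is not code from this pull request: an endpoint that trusts a path variable beside one that takes the client ID from the JWT and requires ROLE_KYC_MANAGER. The claim name `fineract_client_id`, the `AddressStore` interface, the `AddressExampleController` class and the `/api/legacy/...` path are assumptions made for illustration.

```java
import java.util.List;
import java.util.Map;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RestController;

// Added illustration; not the project's code. All names below are hypothetical.
@RestController
class AddressExampleController {

    // Assumed claim name; the PR description does not say which claim carries the client ID.
    private static final String CLIENT_ID_CLAIM = "fineract_client_id";

    // Hypothetical stand-in for the service that talks to Fineract.
    interface AddressStore {
        List<Map<String, Object>> findByClientId(long clientId);
    }

    private final AddressStore store;

    AddressExampleController(AddressStore store) { this.store = store; }

    // Before: the caller chooses the client ID, so any authenticated caller
    // can read another client's addresses by changing the path.
    @GetMapping("/api/legacy/profile/{clientId}/addresses")
    List<Map<String, Object>> byPathVariable(@PathVariable("clientId") long clientId) {
        return store.findByClientId(clientId);
    }

    // After: the ID comes only from the verified token, and the authority is checked first.
    @PreAuthorize("hasAuthority('ROLE_KYC_MANAGER')")
    @GetMapping("/api/profile/addresses")
    List<Map<String, Object>> byToken(@AuthenticationPrincipal Jwt jwt) {
        return store.findByClientId(clientIdFrom(jwt));
    }

    // Single extraction point: a missing or malformed claim is rejected, never defaulted.
    private static long clientIdFrom(Jwt jwt) {
        String raw = jwt == null ? null : jwt.getClaimAsString(CLIENT_ID_CLAIM);
        if (raw == null || !raw.matches("[0-9]{1,18}")) {
            throw new AccessDeniedException("token carries no usable client ID");
        }
        return Long.parseLong(raw);
    }
}
```

`@PreAuthorize` is only evaluated when method security is enabled, for example with `@EnableMethodSecurity` on a configuration class in Spring Security 6.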