Update citation author/editor handling to use JSON fields with ORCID and ROR links

[jordanpadams]

🗒️ Summary

Replaces flattened citation metadata fields with JSON-based extraction to preserve nested relationships between authors/editors, affiliations, and organizations. Adds clickable links for ORCID identifiers on person names and ROR identifiers on organization names to enable direct access to contributor profiles and institutional information.

Changes:

• Remove deprecated flattened field constants from Constants.java
• Add new JSON field constants for citation_author/editor_person/organization_json
• Replace getAuthorEditorBlock() with processJsonField(), formatPerson(), formatOrganization()
• Parse JSON to extract nested Person and Organization structures with Affiliations
• Generate HTML links for person_orcid (ORCID) and organization_rorid (ROR) identifiers
• Handle both single and array affiliations per person

⚙️ Test Data and/or Report

♻️ Related Issues

• refs harvest-solr XML flattening does not preserve relationships between nested elements registry-legacy-solr#237
• dependent upon Add JSON extraction for citation author and editor metadata registry-legacy-solr#238

🤓 Reviewer Checklist

Reviewers: Please verify the following before approving this pull request.

Security & Quality

• SonarCloud: Confirmed no new High or Critical security findings.
• Secrets Detection: Verified that the Secrets Detection scan passed and no sensitive information (keys, tokens, PII) is exposed.
• Code Quality: Code follows organization style guidelines and best practices for the specific language (e.g., PEP 8, Google Java Style).

Testing & Validation

• Test Accuracy: Verified that test data is accurate, representative of real-world PDS4 scenarios, and sufficient for the logic being tested.
• Coverage: Automated tests cover new logic and edge cases.
• Local Verification: (If applicable) Successfully built and ran the changes in a local or staging environment.

Documentation

• Documentation: README, Wiki, or inline documentation (Sphinx, Javadoc, Docstrings) have been updated to reflect these changes.

Maintenance

• Issue Traceability: The PR is linked to a valid GitHub Issue or Jira Ticket.
• Backward Compatibility: Confirmed that these changes do not break existing downstream dependencies or API contracts (or that breaking changes are clearly documented).

[sonarqubecloud]

Quality Gate failed

Failed conditions
16.9% Duplication on New Code (required ≤ 3%)

See analysis details on SonarQube Cloud

[nutjob4life]

Is there any chance the upstream source could contain malicious data?

For example, suppose the personName contains <script src='https://my.hackers.org/exploit/v1'>. For this case, using an HTML element tree might be safer.

Yes, I can be a bit paranoid 😆

[nutjob4life]

Approved but do see my question about HTML injection 😉

Also, 🎉

[INFO] Tests run: 36, Failures: 0, Errors: 0, Skipped: 0
[INFO] 
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------

[jordanpadams]

@nutjob4life fix completed to sanitize these URLs. is this sufficient or should we take this a step further as use something like JSoup to actually build the HTML?

[nutjob4life]

@jordanpadams good question; soup's good but maybe overkill? I don't know. Then again, AI might be able to write it up pretty fast too.

[jordanpadams]

@nutjob4life true. but with the lack of a test suite here, I am worried about ripping apart the code and trying to test it. let's table that for now.