GET /object: only blacklist path instead of whitelisting a limited subset of params

[norrisng-bc]

Description

This PR is a slight tweak to #312 .

When calling GET /object (search objects) without authentication, instead of whitelisting a limited subset of search parameters (bucketId, objectId, public, page, limit, sort), all parameters except for path are now allowed.

The other restrictions while no-auth remain; i.e. requiring a bucketId or objectId, ?public=true and redaction of some response fields.

No-auth object searches are already scoped by bucketId, so allowing other parameters is safe. However, path will still be blocked as it can potentially expose the underlying S3 bucket directory structure.

This allows the object filters in BCBox's <ObjectTable> to work without authentication (i.e. for displaying public folders).

Other tweaks:

• Fix typos in the existing OpenAPI spec
• GitHub Actions: temporarily disable Code Climate coverage, as Code Climate has turned their API off
  • Qlty would be the closest direct replacement (see https://docs.qlty.sh/migration/coverage)

https://apps.nrs.gov.bc.ca/int/jira/browse/SHOWCASE-3969

Types of changes

New feature (non-breaking change which adds functionality)

Checklist

• I have read the CONTRIBUTING doc
• I have checked that unit tests pass locally with my changes
• I have added tests that prove my fix is effective or that my feature works
• I have added necessary documentation (if appropriate)

Further comments

N/A

[github-actions]

Coverage Report

Totals
Statements:	55.34% ( 3057 / 5524 )
Methods:	45.67% ( 332 / 727 )
Lines:	61.99% ( 1833 / 2957 )
Branches:	48.48% ( 892 / 1840 )