Enforce that field names are not repeated across risk objects as part of build/validate

* For risk and threat objects, we expect each field to be used for a single entry, not multiple
* We check against this at runtime during testing, but it could be enforced by validators as well