Add validation of group filters - specifically managed

[jrafanie]

If a user tries to POST to API with:

http://localhost:3000/api/groups/31/

{
  "action" : "edit",
  "resource" : {
    "filters" : {
    	"managed" : [[ "/managed/cc/999" ]]			
	}
  }
}

We need to validate that managed filter will resolve to the correct category and entry.

I started on this:

diff --git a/app/models/entitlement.rb b/app/models/entitlement.rb
index ba4f5c9be9..4468148f16 100644
--- a/app/models/entitlement.rb
+++ b/app/models/entitlement.rb
@@ -73,6 +73,20 @@ class Entitlement < ApplicationRecord
     end
   end

+  def orphaned_managed_filters
+    return [] unless get_managed_filters.present?
+
+    self.filters["managed"].first.select do |filter|
+      self.class.orphaned_managed_filter(filter)
+    end
+  end
+
+  def self.orphaned_managed_filter(filter)
+    # returns namespace string, category object, and entry object
+    # if either category or entry is blank/nil, it's invalid
+    Classification.tag_name_to_objects(filter).any?(&:blank?)
+  end
+

[jrafanie]

TODO: Investigate if renaming a tag used in a managed filter fails to update the filter with the new name.

EDIT: This should should resolve future problems caused by tag renames: #23393

[jrafanie]

Note, belongsto filter validation exists in the UI here: ManageIQ/manageiq-ui-classic#5511. This should be normalized for usage in the API or UI and be extended to include managed filters.