[PM-33435] Add new user key rotation endpoint with MP support

[Thomas-Avery]

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-33435

📔 Objective

Adds a new endpoint for user key rotation without a password change. This implements the rotation for master password users and setups things for future implementation of key connector and TDE users.

This builds off the refactor done in #7201.

[github-actions]

Checkmarx One – Scan Summary & Details – c6f960d3-463d-4670-a309-e24dd7d8dfe2

---

New Issues (6)

Checkmarx found the following issues in this Pull Request

#	Severity	Issue	Source File / Package	Checkmarx Insight
1		CSRF	/src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs: 145	details Method at line 145 of /src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs gets a parameter from a user request from request. T... Attack Vector
2		CSRF	/src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs: 145	details Method at line 145 of /src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs gets a parameter from a user request from request. T... Attack Vector
3		CSRF	/src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs: 97	details Method at line 97 of /src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs gets a parameter from a user request from model. This... Attack Vector
4		CSRF	/src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs: 97	details Method at line 97 of /src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs gets a parameter from a user request from model. This... Attack Vector
5		CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 1592	details Method at line 1592 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ... Attack Vector
6		CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 1419	details Method at line 1419 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ... Attack Vector

---

Fixed Issues (3)

Great job! The following issues were fixed in this Pull Request

Severity	Issue	Source File / Package
	CSRF	/src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs: 96
	CSRF	/src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs: 96
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 293

[codecov]

Codecov Report

❌ Patch coverage is 94.89796% with 5 lines in your changes missing coverage. Please review.
✅ Project coverage is 57.72%. Comparing base (53907c2) to head (6709a78).
⚠️ Report is 1 commits behind head on main.

Files with missing lines	Patch %	Lines
...gement/Models/Requests/UnlockMethodRequestModel.cs	86.95%	2 Missing and 1 partial ⚠️
...ent/Controllers/AccountsKeyManagementController.cs	94.28%	1 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #7216      +/-   ##
==========================================
+ Coverage   57.68%   57.72%   +0.04%     
==========================================
  Files        2037     2042       +5     
  Lines       89719    89817      +98     
  Branches     7976     7985       +9     
==========================================
+ Hits        51751    51845      +94     
- Misses      36112    36114       +2     
- Partials     1856     1858       +2     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

The base branch was changed.

[sonarqubecloud]

Quality Gate passed

Issues
2 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud