Mark user component query parameter as required #18631

Draft
wolfkill wants to merge 1 commit into apache:master from wolfkill:fix/user-component-required

@wolfkill
Contributor

Summary

  • mark the component query parameter as required for get, delete, and update User API operations
  • add a reflection-based test to keep the Swagger contract aligned with the required User API parameter

Why

The User API needs component to identify the component-specific user entry. Without this Swagger metadata, the UI can present the field as optional even though the request path requires it.

Fixes #14594

Tests

  • RED: JAVA_HOME=/opt/homebrew/opt/openjdk@21/libexec/openjdk.jdk/Contents/Home ./mvnw -pl pinot-controller -am -Dtest=PinotAccessControlUserRestletResourceSwaggerTest -Dsurefire.failIfNoSpecifiedTests=false test failed before the annotation change with component must be marked required on getUser expected [true] but found [false]
  • GREEN: JAVA_HOME=/opt/homebrew/opt/openjdk@21/libexec/openjdk.jdk/Contents/Home ./mvnw -pl pinot-controller -am -Dtest=PinotAccessControlUserRestletResourceSwaggerTest -Dsurefire.failIfNoSpecifiedTests=false test
  • git diff --check

@codecov-commenter

codecov-commenter commented May 29, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 64.41%. Comparing base (a762254) to head (21b605f).

Additional details and impacted files
@@             Coverage Diff              @@
##             master   #18631      +/-   ##
============================================
+ Coverage     64.40%   64.41%   +0.01%     
  Complexity     1137     1137              
============================================
  Files          3337     3337              
  Lines        206069   206069              
  Branches      32128    32128              
============================================
+ Hits         132710   132731      +21     
+ Misses        62726    62703      -23     
- Partials      10633    10635       +2     
Flag Coverage Δ
custom-integration1 100.00% <ø> (ø)
integration 100.00% <ø> (ø)
integration1 100.00% <ø> (ø)
integration2 0.00% <ø> (ø)
java-21 64.41% <ø> (+0.01%) ⬆️
temurin 64.41% <ø> (+0.01%) ⬆️
unittests 64.40% <ø> (+0.01%) ⬆️
unittests1 56.82% <ø> (+<0.01%) ⬆️
unittests2 36.94% <ø> (+0.01%) ⬆️

Contributor

@yashmayya yashmayya left a comment

Thanks for this! I think it's superseded by your other PR #18606 though — that one makes this same required=true change on all three methods AND adds the runtime guard that actually fixes the NPE. Suggest closing this in favor of #18606 (or rebasing it down). A couple of specifics inline.

@ApiOperation(value = "Get an user in cluster", notes = "Get an user in cluster")
public String getUser(@PathParam("username") String username,
@ApiParam(value = "CONTROLLER|SERVER|BROKER") @QueryParam("component") String componentTypeStr) {
@ApiParam(value = "CONTROLLER|SERVER|BROKER", required = true) @QueryParam("component")
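
Review bot: On the added `@ApiParam(value = "CONTROLLER|SERVER|BROKER", required = true)` line in getUser, the accepted values are still carried only in the free-text `value` description. Consider also declaring them with `allowableValues = "CONTROLLER,SERVER,BROKER"` so the generated Swagger contract constrains the field as well as marking it required.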

required = true on a JAX-RS @QueryParam is just Swagger doc metadata — it doesn't make the framework reject a missing component. So the underlying bug still reproduces: with no component, validateComponentType returns null and getUser NPEs on componentType.name(). #18606 adds the actual guard that returns a clean 400.
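
The distinction drawn in the review comment above, as an added example that is not code from the PR or from Pinot: a documentation-only annotation (the hypothetical `DocParam`, standing in for Swagger's `@ApiParam`) leaves a null argument untouched, while an explicit guard in the handler rejects it. `parseComponent`, `getUserUnguarded` and `getUserGuarded` are constructed stand-ins, and the `IllegalArgumentException` stands in for whatever 400 response the real resource returns.

```java
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.reflect.Method;
import java.util.Locale;

public class RequiredParamDemo {
  // Hypothetical stand-in for a documentation-only annotation such as Swagger's @ApiParam.
  @Retention(RetentionPolicy.RUNTIME)
  @interface DocParam { boolean required() default false; }

  enum ComponentType { CONTROLLER, SERVER, BROKER }

  // Constructed stand-in: yields null for a missing or unknown value, as the review describes.
  static ComponentType parseComponent(String s) {
    if (s == null) return null;
    try { return ComponentType.valueOf(s.toUpperCase(Locale.ROOT)); }
    catch (IllegalArgumentException e) { return null; }
  }

  // Annotation only: nothing stops a request that omits the parameter from reaching this code.
  static String getUserUnguarded(String username, @DocParam(required = true) String component) {
    return username + "_" + parseComponent(component).name(); // NPE when component is absent
  }

  // Guarded: the handler rejects the request itself; a real resource would map this to HTTP 400.
  static String getUserGuarded(String username, @DocParam(required = true) String component) {
    ComponentType type = parseComponent(component);
    if (type == null) {
      throw new IllegalArgumentException("400: 'component' must be CONTROLLER, SERVER or BROKER");
    }
    return username + "_" + type.name();
  }

  public static void main(String[] args) throws Exception {
    // The metadata is readable by reflection, which is all a contract test can observe.
    Method m = RequiredParamDemo.class.getDeclaredMethod("getUserUnguarded", String.class, String.class);
    DocParam doc = (DocParam) m.getParameterAnnotations()[1][0];
    System.out.println("required in docs: " + doc.required());
    try { getUserUnguarded("alice", null); }
    catch (NullPointerException e) { System.out.println("unguarded: NullPointerException"); }
    try { getUserGuarded("alice", null); }
    catch (IllegalArgumentException e) { System.out.println("guarded: " + e.getMessage()); }
    System.out.println(getUserGuarded("alice", "broker"));
  }
}
```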

public class PinotAccessControlUserRestletResourceSwaggerTest {

@Test
public void testUserComponentQueryParamIsRequired()
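
Review bot: The name `testUserComponentQueryParamIsRequired` reads as if the parameter is enforced, but a reflection check on the annotation can only show that it is documented as required. Consider a name such as `testUserComponentQueryParamIsMarkedRequiredInSwagger`, paired with a test that calls the resource without `component` and asserts the error response.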

This reflection test is basically identical to the one #18606 adds, and both PRs edit the same three annotations on the same file — they'll conflict. Another reason to fold this into #18606.

@yashmayya yashmayya added rest-api Related to REST API endpoints auth Related to authentication and authorization labels Jun 1, 2026

Development

Successfully merging this pull request may close these issues.

User API: API fails if we skip component field, which is not marked as required
