[STR-985] Fix: Allow only Admin users to access certain APIs

[mendescamara]

Summary

This branch strengthens admin user validation in the VTEX service layer, adds automated unit tests, fixes the .NET build when the test project lives under the same dotnet/ folder as the app, and runs .NET tests in the Quality Engineering GitHub Actions workflow.

NOTE: I am still analyzing the logs to confirm the impact of this change on the APIs.

Changes

Authentication and License Manager (VtexAPIService)

• After credential/validate, the flow calls the private accounts API /api/pvt/accounts/{account}/logins/{userId}/granted to confirm the login is granted in License Manager.
• The response body is handled when HTTP 200 is returned with false (denied access), as well as true and JSON boolean forms, instead of relying on HTTP status alone.
• If validate succeeds without an Id, the user is not treated as valid for the LM check.

Unit tests

• New AvailabilityNotify.Tests project (xUnit + Moq) with tests focused on VtexAPIService (ValidateUserToken, IsValidAuthUser, ListNotifyRequests) and a test HttpMessageHandler to stub outbound HTTP calls.
• dotnet/dotnet.sln groups the app and the test project for restore, build, and test from the dotnet/ directory.

Build and NuGet

• In availability-notify.csproj, DefaultItemExcludes for AvailabilityNotify.Tests/** so the SDK default glob does not compile test sources into the main assembly (typical cause of CS0246 for Moq / Xunit on the wrong project).
• Optional on the branch: root NuGet.Config pinning nuget.org for reliable restore when machine-level feeds or credential providers fail.

CI (GitHub Actions)

The tests are not yet in GitHub Actions because I don't have permission to modify the .github/workflows files.
I have requested permission from the IT team.

How to verify locally

dotnet restore
dotnet build dotnet/availability-notify.csproj
dotnet test dotnet/AvailabilityNotify.Tests/AvailabilityNotify.Tests.csproj

(Adjust paths if you use a different .sln at the repo root or under dotnet/.)

Checklist

• .NET build and tests pass locally and in CI after merge.

[vtex-io-ci-cd]

Hi! I'm VTEX IO CI/CD Bot and I'll be helping you to publish your app! 🤖

Please select which version do you want to release:

• Patch (backwards-compatible bug fixes)

• Minor (backwards-compatible functionality)

• Major (incompatible API changes)

And then you just need to merge your PR when you are ready! There is no need to create a release commit/tag.

• No thanks, I would rather do it manually 😞

[vtex-io-docs-bot]

Beep boop 🤖

I noticed you didn't make any changes at the docs/ folder

• There's nothing new to document 🤔
• I'll do it later 😞

In order to keep track, I'll create an issue if you decide now is not a good time

• I just updated 🎉🎉

[github-actions]

	Warnings
⚠️	Looks like this PR is too large [:bulb: smaller PRs are easy to review and approve]

	Messages
📖	❤️ Thanks!
📖	🎉 PR additions = 514, PR deletions = 5520

Generated by 🚫 dangerJS against 09bc8f8

[vtex-io-ci-cd]

Your PR has been merged! App is being published. 🚀
Version 1.14.1 → 1.14.2

After the publishing process has been completed (check #vtex-io-releases) and doing A/B tests with the new version, you can deploy your release by running:

vtex deploy vtex.availability-notify@1.14.2

After that your app will be updated on all accounts.

For more information on the deployment process check the docs. 📖