CVEProject/cve-services

100 character limits for name fields not enforced

ElectricNroff opened this issue · 1 comment

#1107 says "adds 100 character limits to the First name, Last Name, Middle Name, and Suffix fields on users" but the implementation is incorrect because it tries to apply the restrictions within the body of the request rather than in the request URL. For example, any user of an organization can choose to have a first name of more than 100 characters, e.g.,

a PUT request to
https://cveawg-test.mitre.org/api/org/ZT%26T/user/analyst101@ztt.example.com?name.first=1:1234567,2:1234567,3:1234567,4:1234567,5:1234567,6:1234567,7:1234567,8:1234567,9:1234567,10:1234567,11:1234567

results in
HTTP/1.1 200 OK
"message":"analyst101@ztt.example.com was successfully updated." ...
"name":{"first":"1:1234567,2:1234567,3:1234567,4:1234567,5:1234567,6:1234567,7:1234567,8:1234567,9:1234567,10:1234567,11:1234567"

where:
% echo -n 1:1234567,2:1234567,3:1234567,4:1234567,5:1234567,6:1234567,7:1234567,8:1234567,9:1234567,10:1234567,11:1234567 | wc -c
111

and 111 is more than the intended limit of 100.

This may be related to:
7745bbd

The goal is to enforce a limit against query(['name.first']) because https://cveawg-test.mitre.org/api-docs/#/Users/userUpdateSingle says name.first is part of the query

If a user sends name.first in the request body, rather than in the URL, and there are more than 100 characters, the user does indeed get this error message:

{"error":"BAD_INPUT","message":"Parameters were invalid","details":[{"msg":"Invalid name.first. Name must be between 1 and 100 characters in length.","param":"name.first","location":"body"}]}

However, this restriction is largely irrelevant, because name.first in the body is never a valid way to set a user's first name (e.g., if it were a short first name, it would simply be ignored by the server with no error message).

Resolved by #1161
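The following is an added example, not code from the cve-services repository or from the issue author. It models the mismatch the report describes: an express-validator-style length rule bound to one request location (`body`) never sees a value that the handler reads from another (`query`), so the 111-character `name.first` from the report passes straight through. The request shape, the `/api/org/:shortname/user/:username` path layout, and all function names are assumptions for illustration; the 100-character limit and the error shape are taken from the issue text.

```javascript
// Added example (not cve-services code). Models a name-length check bound
// to the wrong request location, as described in the issue.

const NAME_MIN = 1;
const NAME_MAX = 100;

// Build a request object the way an Express handler would see it:
// route params, query (parsed from the URL) and an already-parsed body.
// Path layout assumed from the issue: /api/org/:shortname/user/:username
function requestFromUrl(urlString, body = {}) {
  const url = new URL(urlString);
  const [, , , shortname, , username] = url.pathname.split('/');
  return {
    params: {
      shortname: decodeURIComponent(shortname), // "ZT%26T" -> "ZT&T"
      username: decodeURIComponent(username),
    },
    query: Object.fromEntries(url.searchParams), // keeps the literal key "name.first"
    body,
  };
}

// express-validator-style check on exactly one request location.
// Returns error details in the shape the issue quotes; an empty array
// means the field is absent from that location or within limits.
function checkNameLength(req, location, param) {
  const value = req[location] && req[location][param];
  if (value === undefined) return [];
  const len = String(value).length; // UTF-16 code units; fine for this ASCII input
  if (len < NAME_MIN || len > NAME_MAX) {
    return [{
      msg: `Invalid ${param}. Name must be between ${NAME_MIN} and ${NAME_MAX} characters in length.`,
      param,
      location,
    }];
  }
  return [];
}

// The update itself reads name.first from the query string only (where
// the API docs place it), so a value sent in the body is silently ignored.
function applyUpdate(req) {
  const first = req.query['name.first'];
  return {
    status: 200,
    message: `${req.params.username} was successfully updated.`,
    name: first === undefined ? {} : { first },
  };
}

// Handler factory: run the length check on the chosen location, then update.
function updateWithCheckOn(location) {
  return function (req) {
    const details = checkNameLength(req, location, 'name.first');
    if (details.length) {
      return { status: 400, error: 'BAD_INPUT', message: 'Parameters were invalid', details };
    }
    return applyUpdate(req);
  };
}

const updateUserBodyChecked = updateWithCheckOn('body');   // the behaviour the issue observed
const updateUserQueryChecked = updateWithCheckOn('query'); // check the location that is actually read

// Constructed input: the 111-character first name from the issue report.
function longFirstName() {
  return Array.from({ length: 11 }, (_, i) => `${i + 1}:1234567`).join(',');
}

// Run the long name through both handlers via the query string.
function demo() {
  const base = 'https://cveawg-test.mitre.org/api/org/ZT%26T/user/analyst101@ztt.example.com';
  const req = requestFromUrl(`${base}?name.first=${encodeURIComponent(longFirstName())}`);
  return {
    inputLength: req.query['name.first'].length,
    bodyChecked: updateUserBodyChecked(req).status,   // 200: limit bypassed
    queryChecked: updateUserQueryChecked(req).status, // 400: limit enforced
  };
}

console.log(JSON.stringify(demo()));
```

The same helper also shows the second half of the report: with the rule on `body`, a long name sent in the body is rejected with `location: "body"`, while a short name sent there is accepted and then never applied, because `applyUpdate` only looks at the query.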