Implement new v2 REST API

Andrew Medworthrequested to merge
issue/2152013-3588087:apiv2 into 1.0.x-dev

Implements a new v2 JSON REST API at /lmsrest/v2, including OpenAPI specification.

All requests to this API require an API key, which is associated with a user. For now, an API key carries exactly the same permissions as its owner: for organisations with visibility='R', the eventResults endpoint enforces org-user membership on the key owner, matching the web UI. In the future, a more sophisticated scheme for API key permissions could easily be implemented.

API keys can be created, disabled and deleted via the user settings. For now each user can have up to 5 keys.

Co-Authored-By: Claude Sonnet 4.6 noreply@anthropic.com

Merge request reports