[DDO-3911] improve chart name validation

[jack-r-warren]

Sherlock checks that the chart name isn't empty, but it doesn't impose validation on it not having special characters. This is a problem when security scanners target Sherlock's API, because "garbage in garbage out" means Sherlock ingests and stores the garbage.

This PR changes the validation to not just check emptiness but also that it matches the same kind of regex we use to validate environment names.

It is possible for deployment of this change to fail if there's already garbage in the database. I've checked and prod doesn't suffer from this. Dev does so I'll clean up manually.

delete from charts where name not similar to '[a-z0-9]([-a-z0-9]*[a-z0-9])?';

Testing

We have a ton of testing for all sorts of valid chart names; everything in TestData gets automatically created. I added a test that checks invalid characters and it now properly passes with this fix in place.

Risk

Low. No impact to prod. Any issues would halt rollout.

[sonarqubecloud]

Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

[github-actions]

No API changes detected

[github-actions]

Published image from eb35acd (merge 16a8d81):

us-central1-docker.pkg.dev/dsp-artifact-registry/sherlock/sherlock:v1.6.11-16a8d81
us-central1-docker.pkg.dev/dsp-devops-super-prod/sherlock/sherlock:v1.6.11-16a8d81