Optionally reject references without explicit resource type

[punktilious]

Describe the bug
The FHIR specification allows a reference to be specified without an explicit resource type. For example the following reference to Organization/3003 is currently accepted:

    "managingOrganization": {
        "display": "ACME Healthcare, Inc",
        "reference": "3003"
    },

Because the IBM FHIR Server does not serve resources directly from its base, the reference 3003 should not be treated as valid. e.g.

https://localhost:9443/fhir-server/api/v4/3003      <==== not valid

The correct way to define the reference is:

    "managingOrganization": {
        "display": "ACME Healthcare, Inc",
        "reference": "Organization/3003"
    },

This reference is valid, because Organization/3003 can be resolved as a local relative resource:

https://localhost:9443/fhir-server/api/v4/Organization/3003      <==== OK

However, ambiguous resource references like 3003 may currently exist in IBM FHIR Server deployments, so a fhir-server-config parameter is needed to switch off rejection of this form if required.

This impacts FHIR search queries. The following search is requesting any patient with a reference to organization 3001:

https://localhost:9443/fhir-server/api/v4/Patient?organization=3001

This will match a patient if its organization reference is defined as:

    "managingOrganization": {
        "display": "ACME Healthcare, Inc",
        "reference": "3001"
    },

and will also match a patient with an organization reference defined as:

    "managingOrganization": {
        "display": "ACME Healthcare, Inc",
        "reference": "Organization/3001"
    },

If the search is defined as:

https://localhost:9443/fhir-server/api/v4/Patient?organization=Organization/3001

this will match a patient with an organization reference defined as "Organization/3001" but not one defined with just "3001". This is because the underlying query filters on the resource type of Organization which is not associated with the reference value "3001". This behavior may not be obvious, which is why rejecting resource references without an explicit resource type is a good practice.

[tbieste]

There's already a fhirServer/core/checkReferenceTypes config parameter that defaults to 'true' that involves reference resource type checking. Even though this is additional checking, could this just use that same config parameter, or is it worth a new one just for this?

[michaelwschroeder]

Running with the latest FHIR server code in my local development environment, I validated the issue is fixed by testing the following:

1. Set the fhirServer/core/checkReferenceTypes config parameter to true and attempted to create an Observation resource with a subject reference of 123. It failed as expected with the following error: Invalid reference value or resource type not found in reference value: '123' for element: 'subject'.
2. Set the fhirServer/core/checkReferenceTypes config parameter to false and attempted to create an Observation resource with a subject reference of 123. It succeeded as expected.
3. Set the fhirServer/core/checkReferenceTypes config parameter to false and attempted to read and search for the Observation created in step Update docs/FHIRServerUsersGuide.md for R4 #2. Both the read and the search succeeded as expected.
4. Set the fhirServer/core/checkReferenceTypes config parameter to true and attempted to read and search for the Observation created in step Update docs/FHIRServerUsersGuide.md for R4 #2. Both failed as expected with a fatal exception and an entry in the log: Invalid reference value or resource type not found in reference value: '123' for element: 'subject'.