ANW-261 Prevent Public Search Queries Matching on Unpublished Data

[quoideneuf]

Addresses the problem of searchable non-published data by adding alternate fields notes_published and fullrecord_published to the solr schema. Adds logic to the backend so that search requests coming from the public user are marked :protect_published, which results in a Solr::Query instance producing a url with the alternate fields. Unfortunately, it gets a bit messy due to 1) the way keyword type searches are handled (see #2824). Since they are not prefixed in the query string, the _published suffix needs to be added to the qf parameter (which is ignored for search clauses with prefixed fields); 2) the way the Solr::Query object is instantiated after the advanced_query json object is parsed into a solr query string. Perhaps that parsing could be delayed until the entire query is exported to a url? Then the :protect_published option wouldn't need to be passed around so much.

Regarding 1) - perhaps PR 2824 was a bad idea. Could the same results be achieved by reverting keyword to map to fullrecord and using boost queries rather than qf to ensure results with identifier and title matches are at the top of the results list? Would also require some rework of the AdvancedSearch field mapping definitions to affect bq param in Solr::Query.

Note on Indexer Tests: I reworked the way the factories and JSONModel client get set up in the spec helper - maybe this could simplify the setup in other test workflows. The indexer tests run without any supporting backend thanks to the VCR gem. The workflow for a developer editing the tests (unless they don't need to change the existing fixtures) would be something like:

rm indexer/spec/cassettes/indexer_spec.yml
./build/run backend:devserver
ASPACE_TEST_BACKEND_URL=http://localhost:4567 ./build/run indexer:test
git add indexer/spec/cassettes/indexer_spec.yml

This workflow should also work fine with the docker test setup in build.xml.