feat: removing sensative info from leasing agent

[YazeedLoonat]

Pull Request Template

Issue Overview

This PR is related to the comment: metrotranscom#47

• This change addresses the issue in full

Description

We were exposing too much user data publicly with the leasing agent data that gets returned with a listing

This pr pulls out much of the sensitive data

How Can This Be Tested/Reviewed?

on the public site (not logged in) if you go to apply for a listing with the console open (keep tabs of network traffic) you should be able to see the data that gets returned from the call for that listing

you should no longer see sensitive data as part of the leasing agent data in that listing

alternatively you could check localhost:3100/docs and verify the /listings endpoints return data set for a listing's leasing agent section is sensative-info-less

Checklist:

• My code follows the style guidelines of this project
• I have added QA notes to the issue with applicable URLs
• I have performed a self-review of my own code
• I have reviewed the changes in a desktop view
• I have reviewed the changes in a mobile view
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• My changes generate no new warnings
• I have added tests that prove my fix is effective or that my feature works
• New and existing unit tests pass locally with my changes
• Any dependent changes have been merged and published in downstream modules
• I have assigned reviewers
• I have run yarn generate:client and/or created a migration if I made backend changes that require them
• My commit message(s) is/are polished, and any breaking changes are indicated in the message and are well-described
• Commits made across packages purposefully have the same commit message/version change, else are separated into different commits

Reviewer Notes:

Steps to review a PR:

• Read and understand the issue, and ensure the author has added QA notes
• Review the code itself from a style point of view
• Pull the changes down locally and test that the acceptance criteria is met
• Also review the acceptance criteria on the Netlify deploy preview (noting that these do not yet include any backend changes made in the PR)
• Either explicitly ask a clarifying question, request changes, or approve the PR if there are small remaining changes but the PR is otherwise good to go

On Merge:

If you have one commit and message, squash. If you need each message to be applied, rebase and merge.

[netlify]

✅ Deploy Preview for bloom-exygy-dev ready!

Name	Link
🔨 Latest commit	fa7dd38
🔍 Latest deploy log	https://app.netlify.com/sites/bloom-exygy-dev/deploys/64404b19c8c9a40008c71cf7
😎 Deploy Preview	https://deploy-preview-3409--bloom-exygy-dev.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site settings.

[ludtkemorgan]

Looks good. I noticed the leasingAgentEmail and leasingAgentName are different than the one listed in leasingAgents. So I wonder if we can just remove all but the id? I think we are fine with what you have though
.

On a different note, we probably want to remove the activeAccessToken from the /user/list endpoint as well. It's a secured endpoint, but still don't want other people's access token's accessible. That can be part of a different ticket

[ColinBuyck]

LGTM 🧇

[YazeedLoonat]

I spun up: #3412 to address some of that, merging this in