[PM-5938] Prevent permanent vault coruption on key-rotation with desycned vault (#4098)

* Add check to verify the vault state for rotation is not obviously desynced (empty)

* Add unit test for key rotation guardrail

* Move de-synced vault detection to validators

* Add tests

src/Api/AdminConsole/Validators/OrganizationUserRotationValidator.cs

@@ -27,13 +27,9 @@ public class OrganizationUserRotationValidator : IRotationValidator<IEnumerable<
         }
 
         var result = new List<OrganizationUser>();
-        if (resetPasswordKeys == null || !resetPasswordKeys.Any())
-        {
-            return result;
-        }
 
         var existing = await _organizationUserRepository.GetManyByUserAsync(user.Id);
-        if (existing == null || !existing.Any())
+        if (existing == null || existing.Count == 0)
         {
             return result;
         }

src/Api/Auth/Validators/EmergencyAccessRotationValidator.cs

@@ -24,13 +24,9 @@ public class EmergencyAccessRotationValidator : IRotationValidator<IEnumerable<E
         IEnumerable<EmergencyAccessWithIdRequestModel> emergencyAccessKeys)
     {
         var result = new List<EmergencyAccess>();
-        if (emergencyAccessKeys == null || !emergencyAccessKeys.Any())
-        {
-            return result;
-        }
 
         var existing = await _emergencyAccessRepository.GetManyDetailsByGrantorIdAsync(user.Id);
-        if (existing == null || !existing.Any())
+        if (existing == null || existing.Count == 0)
         {
             return result;
         }

src/Api/Tools/Validators/SendRotationValidator.cs

@@ -30,13 +30,9 @@ public class SendRotationValidator : IRotationValidator<IEnumerable<SendWithIdRe
     public async Task<IReadOnlyList<Send>> ValidateAsync(User user, IEnumerable<SendWithIdRequestModel> sends)
     {
         var result = new List<Send>();
-        if (sends == null || !sends.Any())
-        {
-            return result;
-        }
 
         var existingSends = await _sendRepository.GetManyByUserIdAsync(user.Id);
-        if (existingSends == null || !existingSends.Any())
+        if (existingSends == null || existingSends.Count == 0)
         {
             return result;
         }

src/Api/Vault/Validators/CipherRotationValidator.cs

@@ -26,13 +26,9 @@ public class CipherRotationValidator : IRotationValidator<IEnumerable<CipherWith
     public async Task<IEnumerable<Cipher>> ValidateAsync(User user, IEnumerable<CipherWithIdRequestModel> ciphers)
     {
         var result = new List<Cipher>();
-        if (ciphers == null || !ciphers.Any())
-        {
-            return result;
-        }
 
         var existingCiphers = await _cipherRepository.GetManyByUserIdAsync(user.Id, UseFlexibleCollections);
-        if (existingCiphers == null || !existingCiphers.Any())
+        if (existingCiphers == null || existingCiphers.Count == 0)
         {
             return result;
         }

src/Api/Vault/Validators/FolderRotationValidator.cs

@@ -19,13 +19,9 @@ public class FolderRotationValidator : IRotationValidator<IEnumerable<FolderWith
     public async Task<IEnumerable<Folder>> ValidateAsync(User user, IEnumerable<FolderWithIdRequestModel> folders)
     {
         var result = new List<Folder>();
-        if (folders == null || !folders.Any())
-        {
-            return result;
-        }
 
         var existingFolders = await _folderRepository.GetManyByUserIdAsync(user.Id);
-        if (existingFolders == null || !existingFolders.Any())
+        if (existingFolders == null || existingFolders.Count == 0)
         {
             return result;
         }