[Pm 3797 Part 2] Add emergency access rotations (#3434)

## Type of change

<!-- (mark with an `X`) -->

```
- [ ] Bug fix
- [ ] New feature development
- [x] Tech debt (refactoring, code cleanup, dependency upgrades, etc)
- [ ] Build/deploy pipeline (DevOps)
- [ ] Other
```

## Objective
<!--Describe what the purpose of this PR is. For example: what bug you're fixing or what new feature you're adding-->
See #3425 for part 1 and background.

This PR adds emergency access to the rotation. All new code is hidden behind a feature flag.

The Accounts controller has also been moved to Auth ownership.

## Code changes
<!--Explain the changes you've made to each file or major component. This should help the reviewer understand your changes-->
<!--Also refer to any related changes or PRs in other repositories-->

* **file.ext:** Description of what was changed and why
* **AccountsController.cs:** Moved to Auth ownership. Emergency access validation was added (as well as initializing empty lists to avoid errors).
* **EmergencyAccessRotationValidator.cs:** Performs validation on the provided list of new emergency access keys.
* **EmergencyAccessRepository.cs:** Adds a method to rotate encryption keys. This is added to a list in the `RotateUserKeyCommand` that the `UserRepository` calls so it doesn't have to know about all the domains.

## Before you submit

- Please check for formatting errors (`dotnet format --verify-no-changes`) (required)
- If making database changes - make sure you also update Entity Framework queries and/or migrations
- Please add **unit tests** where it makes sense to do so (encouraged but not required)
- If this change requires a **documentation update** - notify the documentation team
- If this change has particular **deployment requirements** - notify the DevOps team

src/Infrastructure.EntityFramework/Auth/Repositories/EmergencyAccessRepository.cs

@@ -1,10 +1,12 @@
 using AutoMapper;
 using Bit.Core.Auth.Enums;
 using Bit.Core.Auth.Models.Data;
+using Bit.Core.Auth.UserFeatures.UserKey;
 using Bit.Core.Repositories;
 using Bit.Infrastructure.EntityFramework.Auth.Models;
 using Bit.Infrastructure.EntityFramework.Auth.Repositories.Queries;
 using Bit.Infrastructure.EntityFramework.Repositories;
+using Microsoft.Data.SqlClient;
 using Microsoft.EntityFrameworkCore;
 using Microsoft.Extensions.DependencyInjection;
 
@@ -116,4 +118,30 @@ public class EmergencyAccessRepository : Repository<Core.Auth.Entities.Emergency
             return notifies;
         }
     }
+
+    /// <inheritdoc />
+    public UpdateEncryptedDataForKeyRotation UpdateForKeyRotation(
+        Guid grantorId, IEnumerable<Core.Auth.Entities.EmergencyAccess> emergencyAccessKeys)
+    {
+        return async (SqlConnection connection, SqlTransaction transaction) =>
+        {
+            var newKeys = emergencyAccessKeys.ToList();
+            using var scope = ServiceScopeFactory.CreateScope();
+            var dbContext = GetDatabaseContext(scope);
+            var userEmergencyAccess = await GetDbSet(dbContext)
+                .Where(ea => ea.GrantorId == grantorId)
+                .ToListAsync();
+            var validEmergencyAccess = userEmergencyAccess
+                .Where(ea => newKeys.Any(eak => eak.Id == ea.Id));
+
+            foreach (var ea in validEmergencyAccess)
+            {
+                var eak = newKeys.First(eak => eak.Id == ea.Id);
+                ea.KeyEncrypted = eak.KeyEncrypted;
+            }
+
+            await dbContext.SaveChangesAsync();
+        };
+    }
+
 }

src/Infrastructure.EntityFramework/Repositories/UserRepository.cs

@@ -164,7 +164,7 @@ public class UserRepository : Repository<Core.Entities.User, User, Guid>, IUserR
             //  Update re-encrypted data
             foreach (var action in updateDataActions)
             {
-                // TODO (jlf0dev): Check if transaction captures these operations
+                // connection and transaction aren't used in EF
                 await action();
             }