Auth/PM-17877 Add device on all API requests

[trmartin4]

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-17877

📔 Objective

In order to provide LaunchDarkly context for targeting based on device identifier, we would like to include Device-Identifier on all API requests. This is accomplished by adding the header at the ApiService level. As the AppIdService will generate the appId if it does not yet exist, there is not a check for existence before adding the header.

Since the header is now being added on all requests, this PR also removes 2 alterHeaders implementations that were used for updateTrust() and postDeviceTrustLoss(), since the header will already be there.

📸 Screenshots

On POST of cipher update, as an example

On update-trust when rotating a user's encryption key with trusted devices

⏰ Reminders before review

• Contributor guidelines followed
• All formatters and local linters executed and passed
• Written new unit and / or integration tests where applicable
• Protected functional changes with optionality (feature flags)
• Used internationalization (i18n) for all UI strings
• CI builds passed
• Communicated to DevOps any deployment requirements
• Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

• 👍 (:+1:) or similar for great changes
• 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
• ❓ (:question:) for questions
• 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
• 🎨 (:art:) for suggestions / improvements
• ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
• 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
• ⛏ (:pick:) for minor or nitpick changes

[github-actions]

Checkmarx One – Scan Summary & Details – f63b6759-d9a2-489e-bfa1-0fa0190ba54e

Great job, no security vulnerabilities found in this Pull Request

[codecov]

Codecov Report

Attention: Patch coverage is 50.00000% with 3 lines in your changes missing coverage. Please review.

Project coverage is 35.48%. Comparing base (1d71212) to head (f4a338f).

Files with missing lines	Patch %	Lines
apps/browser/src/background/main.background.ts	0.00%	1 Missing ⚠️
...th/services/device-trust.service.implementation.ts	50.00%	1 Missing ⚠️
...uth/services/devices-api.service.implementation.ts	0.00%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #13205      +/-   ##
==========================================
- Coverage   35.48%   35.48%   -0.01%     
==========================================
  Files        3007     3007              
  Lines       90899    90894       -5     
  Branches    16908    16908              
==========================================
- Hits        32260    32258       -2     
+ Misses      56137    56134       -3     
  Partials     2502     2502              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[trmartin4]

❓ A few questions for recommendations:

1. This leaves the DeviceService and DeviceApiService in a bit of an unclear place. Some methods expect a deviceIdentifier, but some don't and use the current device identifier that's automatically added in ApiService. I'm open to cleaning up the interface and no longer exposing the deviceIdentifier on any of the methods - instead determining it internally from appIdService.getAppId(). I wasn't sure if this would add too much to this PR though. The only DeviceIdentifier that a client knows is its own, so it feels like we could really think of all methods in the context of the "current device" when dealing with a device identifier.
2. The ApiService itself doesn't appear to be tested. Any recommendations of where to add tests for this?