Determine if creating/updating a CVE record with x_legacyV4Record should be allowed

[jdaigneau5]

Summary

The x_legacyV4Record field was created when records were upconverted from v4 to v5 to maintain historical data. There isn't a need for users to modify this field, as it's only for historical data. However, it is an x_ field which are allowed by the schema. We need to determine how to handle this field going forward.

Proposed Actions

• Prevent this field from being submitted and return an error
• Continue to allow this field but send a warning message to the user
• Leave as is

[mprpic]

Notes from AWG meeting on Jul 30, 2024:

Out of scope for AWG: deciding what to do with the current v4 legacy objects within all CVE records; removing the legacy v4 record is a QWG decision.

In scope for AWG: deciding on whether we want to put any restrictions on updating the x_legacy* objects in a CVE record. The agreed decision is that at the time of migration, legacy content should be snapshotted into a repository (like cvelist or cvelistV5) and users should be made aware that any content in the CVE record is provided only for a short period of time (proposal: one month) before it is removed from the record and made available in she archive repository only. No changes are needed for CVE Services at this time.