ValidateRolePermissions for MIs montioring the Value of a Node

[romanett]

Proposed changes

Adds a validation of the RolePermissions for MonitoredItems monitoring the Value of a Node.

The validation is already in place for event monitored items and is also added for dataChangeMonitoredItems with this PR.

Related Issues

• Fixes Session is not provided by "ClearChangeMasks" when a change is notified #2656

Types of changes

• Bugfix (non-breaking change which fixes an issue)
• Enhancement (non-breaking change which adds functionality)
• Test enhancement (non-breaking change to increase test coverage)
• Breaking change (fix or feature that would cause existing functionality to not work as expected, requires version increase of Nuget packages)
• Documentation Update (if none of the other choices apply)

Checklist

• I have read the CONTRIBUTING doc.
• I have signed the CLA.
• I ran tests locally with my changes, all passed.
• I fixed all failing tests in the CI pipelines.
• I fixed all introduced issues with CodeQL and LGTM.
• I have added tests that prove my fix is effective or that my feature works and increased code coverage.
• I have added necessary documentation (if appropriate).
• Any dependent changes have been merged and published in downstream modules.

Further comments

After investigation I came to the following conclusion:

creating a MI is correctly validating the role permissions
however changing the user identity after the MI exists you are still allowed to receive data changes.
Test Setup:

Reference Server
Node: ns=2 nodeId=AccessRights_RolePermissions_ConfigureAdmin
node creation:

Client 1: Configure Admin (sysadmin) ->sucessfully monitor node
Client 2: Anonymous -> cant create MI
Client 1: -> change user identity to anonymous -> still monitors node
Client 2: -> write node
Client 1-> receives Data change even though it should not be able to