Closed
Description
When anonymising a user, if an extra field happened to contain personally identifiable information, this field's value is not removed automatically by the anonymisation.
This could be improved by adding an "auto_remove" field to the extra_field table, which would only show when editing a field in the "user fields" form. When anonymising, we would then check if any extra field is marked as "auto_remove" and delete its record in extra_field_values.
To do:
- add auto_remove 0/1 field in the ExtraField entity
- add the addition of the field (to 0 by default) in the migration process
- add the field in the user extra field creation and editing form. Title of the field: "Remove on anonymisation". Description of the field: "Remove this value when anonymising a user, because it could otherwise help identify the user despite the anonymisation."
- in the anonymisation process (see UserManager::anonymize()) (and also in tests/scripts/synchronize_user_base_from_ldap.php, see recent changes in 1.11.x for this one), check all user extra fields for one (or various) with the "auto_remove" field set to 1, and if so, delete the corresponding extra_field_values record
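
The deletion step from the last to-do item, as an added example (not Chamilo's code) on a simplified SQLite model: the table names and `auto_remove` come from the issue, while the other columns, the `USER_TYPE` value and `remove_flagged_values` are assumptions. The delete is scoped to this user's values of user-type fields, so other users and other item types that share the same id are left alone.

```python
import sqlite3

USER_TYPE = 1  # assumed discriminator value for "user" extra fields

# Simplified, constructed schema; only auto_remove and the table names are from the issue.
SCHEMA = """
CREATE TABLE extra_field (
    id INTEGER PRIMARY KEY,
    item_type INTEGER NOT NULL,             -- assumed: entity kind the field belongs to
    variable TEXT NOT NULL,
    auto_remove INTEGER NOT NULL DEFAULT 0  -- flag proposed in this issue, 0 by default
);
CREATE TABLE extra_field_values (
    id INTEGER PRIMARY KEY,
    field_id INTEGER NOT NULL REFERENCES extra_field(id),
    item_id INTEGER NOT NULL,               -- assumed: id of the user, course, ...
    value TEXT
);
"""

def remove_flagged_values(conn, user_id):
    """Delete this user's values for every user field marked auto_remove = 1."""
    cur = conn.execute(
        """DELETE FROM extra_field_values
           WHERE item_id = ?
             AND field_id IN (SELECT id FROM extra_field
                              WHERE item_type = ? AND auto_remove = 1)""",
        (user_id, USER_TYPE),
    )
    conn.commit()
    return cur.rowcount

def demo():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    # Constructed sample rows.
    conn.executemany("INSERT INTO extra_field VALUES (?, ?, ?, ?)", [
        (1, USER_TYPE, "national_id", 1),       # PII, flagged for removal
        (2, USER_TYPE, "favourite_colour", 0),  # not flagged, must survive
        (3, 2, "course_contact", 1),            # flagged, but not a user field
    ])
    conn.executemany(
        "INSERT INTO extra_field_values (field_id, item_id, value) VALUES (?, ?, ?)",
        [(1, 7, "X1234567"), (2, 7, "blue"), (3, 7, "owner@example.org"), (1, 8, "Y7654321")],
    )
    removed = remove_flagged_values(conn, 7)  # anonymise user 7
    left = conn.execute(
        "SELECT field_id, item_id FROM extra_field_values ORDER BY id").fetchall()
    return removed, left
```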