[SM-909] Add service-account people access policy management endpoints (#3324)

* refactoring replace logic

* model for policies + authz handler + unit tests

* update AP repository

* add new endpoints to controller

* update unit tests and integration tests

---------

Co-authored-by: cd-bitwarden <106776772+cd-bitwarden@users.noreply.github.com>

src/Api/SecretsManager/Models/Request/PeopleAccessPoliciesRequestModel.cs

@@ -61,4 +61,39 @@ public class PeopleAccessPoliciesRequestModel
             GroupAccessPolicies = groupAccessPolicies
         };
     }
+
+    public ServiceAccountPeopleAccessPolicies ToServiceAccountPeopleAccessPolicies(Guid grantedServiceAccountId, Guid organizationId)
+    {
+        var userAccessPolicies = UserAccessPolicyRequests?
+            .Select(x => x.ToUserServiceAccountAccessPolicy(grantedServiceAccountId, organizationId)).ToList();
+
+        var groupAccessPolicies = GroupAccessPolicyRequests?
+            .Select(x => x.ToGroupServiceAccountAccessPolicy(grantedServiceAccountId, organizationId)).ToList();
+
+        var policies = new List<BaseAccessPolicy>();
+        if (userAccessPolicies != null)
+        {
+            policies.AddRange(userAccessPolicies);
+        }
+
+        if (groupAccessPolicies != null)
+        {
+            policies.AddRange(groupAccessPolicies);
+        }
+
+        CheckForDistinctAccessPolicies(policies);
+
+        if (!policies.All(ap => ap.Read && ap.Write))
+        {
+            throw new BadRequestException("Service account access must be Can read, write");
+        }
+
+        return new ServiceAccountPeopleAccessPolicies
+        {
+            Id = grantedServiceAccountId,
+            OrganizationId = organizationId,
+            UserAccessPolicies = userAccessPolicies,
+            GroupAccessPolicies = groupAccessPolicies
+        };
+    }
 }