Verify if the requested user is under an application #1613

Open
craigyu opened this issue Oct 2, 2024 · 0 comments

craigyu commented Oct 2, 2024

Description:

Currently, get_application_user_by_id in server/backend/api/app/routers/router_application.py does not verify if the requested user is actually under the specified application ID. We do check if the requester is an admin under the requested application, but there's no validation that the user being fetched belongs to that application.

To address this, create a new CRUD function to fetch a user under a given application ID, ensuring that the requested user is verified to belong to the specified application in the endpoint.


Acceptance Criteria:

  1. Verify User-Application Relationship:

    • The endpoint must verify that the requested user belongs to the specified application.
    • If the user does not belong to the application, the endpoint should return a 404 Not Found or an appropriate error message.
  2. Create CRUD Function:

    • Create a new CRUD function to fetch users by both application_id and user_id.
    • Ensure the CRUD function verifies the existence of the relationship between the user and application.
  3. Update Endpoint Logic:

    • Update get_application_user_by_id to use the newly created CRUD function.
    • Ensure the logic prevents access to users who are not part of the given application.
  4. Test Cases:

    • Add test cases to verify the behavior when:
      • The user is part of the application.
      • The user is not part of the application.
      • The requester does not have the necessary permissions.
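The authorization gap and its fix, as an added example that is not the project's code: an unscoped lookup by user_id beside a lookup keyed on both application_id and user_id, behind endpoint logic that covers the three acceptance-criteria cases. The table, the sample rows and the requester_admin_of set standing in for the existing admin check are all constructed assumptions.

```python
import sqlite3
from dataclasses import dataclass
from typing import FrozenSet, Optional, Tuple, Union


@dataclass
class ApplicationUser:
    user_id: int
    application_id: int
    username: str


def build_sample_db() -> sqlite3.Connection:
    """Constructed sample data (not project data): users 1 and 2 belong to
    application 10, user 3 belongs to application 20."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE application_user "
                 "(user_id INTEGER, application_id INTEGER, username TEXT)")
    conn.executemany("INSERT INTO application_user VALUES (?, ?, ?)",
                     [(1, 10, "alice"), (2, 10, "bob"), (3, 20, "carol")])
    return conn


def get_user_by_id_unscoped(conn: sqlite3.Connection, user_id: int) -> Optional[ApplicationUser]:
    """The gap the issue describes: the application is never part of the query,
    so an admin of application 10 can fetch user 3 from application 20."""
    row = conn.execute("SELECT user_id, application_id, username FROM application_user "
                       "WHERE user_id = ?", (user_id,)).fetchone()
    return ApplicationUser(*row) if row else None


def get_user_by_application_and_id(conn: sqlite3.Connection, application_id: int,
                                   user_id: int) -> Optional[ApplicationUser]:
    """The proposed CRUD function: one query keyed on BOTH ids, so a user outside
    the application simply does not match and no separate post-check is needed."""
    row = conn.execute("SELECT user_id, application_id, username FROM application_user "
                       "WHERE application_id = ? AND user_id = ?",
                       (application_id, user_id)).fetchone()
    return ApplicationUser(*row) if row else None


def get_application_user_by_id(conn: sqlite3.Connection, requester_admin_of: FrozenSet[int],
                               application_id: int, user_id: int
                               ) -> Tuple[int, Union[str, ApplicationUser]]:
    """Endpoint logic after the fix. Returns an (http_status, body) pair rather than
    raising a framework exception so it runs without FastAPI; requester_admin_of is a
    hypothetical stand-in for the admin check the endpoint already performs."""
    if application_id not in requester_admin_of:
        return 403, "requester is not an admin of this application"
    user = get_user_by_application_and_id(conn, application_id, user_id)
    if user is None:  # not in this application: same 404 as a nonexistent user
        return 404, f"user {user_id} not found in application {application_id}"
    return 200, user
```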