Desired Outcome

This PR reinstates changes committed in #2888 and reverted in #2940.

Additive policy loads (those that use POST) currently has unexpected behavior. If a policy POST attempts to update an existing resource, the attempted update is silently discarded.

From #2888:

[POSTing a policy that updates an existing annotation] does not add a new annotation - as expected - but the policy load operation succeeds, which could be misleading to a user. This is caused by how the different policy loader classes - Loader::ReplacePolicy (PUT), Loader::CreatePolicy (POST), and Loader::ModifyPolicy (PATCH) - use the Loader::Orchastrate methods eliminate_duplicates_exact, eliminate_duplicates_pk and update_changed.

• eliminate_duplicates_exact is used to cull objects specified in the incoming policy file that already existing in the current policy. Incoming updated annotations are not culled by this method.
• update_changed is used to persist updated objects from the incoming policy into the current policy.
• eliminate_duplicates_pk is used to cull objects that exist in the current policy that may have been updated by the incoming policy. Incoming updated annotations are always culled by this method, regardless of whether they have been persisted.

The Loader::CreatePolicy (POST) loader is the only loader class that does not call update_changed - this means eliminate_duplicates_exact and eliminate_duplicates_pk are run in sequence, deleting all objects that appear in both the existing and incoming policy files, regardless of updates.

#2888 includes a new error, raised when the Loader::Orchastrate finds itself eliminating non-exact duplicates in additive policy operations.

#2940 reverts these changes to avoid:

• Introducing breaking API changes without either a major version release or a versioned API.
• New, ambiguous error messages blocking customer's previously-functional policy operations

Implemented Changes

• Reinstate the changes made in Spike: adding/updating annotations via PUT/POST/PATCH #2888.

• Log a descriptive warning instead of raising an error. Example message:

  WARNING: Updating existing resource disallowed in additive policy operations (POST). In a future release, loading this policy file will fail with a 422 error code. The following updates have not been applied, and have been discarded: {:annotations=>[{:resource_id=>"cucumber:host:hosts/annotated", :name=>"description", :diff=>{:value=>["Already annotated", "Success"]}}]}
  

• Method Loader::Orchastrate.detect_duplicates_pk, which returns a hash of tables to updated resources, and is only invokes by additive policy operations.

Connected Issue/Story

Resolves #[relevant GitHub issue(s), e.g. 76]

CyberArk internal issue ID: [insert issue ID]

Definition of Done

At least 1 todo must be completed in the sections below for the PR to be
merged.

Changelog

• The CHANGELOG has been updated, or
• This PR does not include user-facing changes and doesn't require a
  CHANGELOG update

Test coverage

• This PR includes new unit and integration tests to go with the code
  changes, or
• The changes in this PR do not require tests

Documentation

• Docs (e.g. READMEs) were updated in this PR
• A follow-up issue to update official docs has been filed here: [insert issue ID]
• This PR does not require updating any documentation

Behavior

• This PR changes product behavior and has been reviewed by a PO, or
• These changes are part of a larger initiative that will be reviewed later, or
• No behavior was changed with this PR

Security

• Security architect has reviewed the changes in this PR,
• These changes are part of a larger initiative with a separate security review, or
• There are no security aspects to these changes