BE: Record all applications of a Global Privacy Control Signal #2240

Closed
mfbrown opened this issue Jan 13, 2023 · 1 comment · Fixed by #2599

mfbrown commented Jan 13, 2023

This is the backend work for #2232

As a compliance person, I want a record of each consent selection which is made because of a global privacy control signal so that I can demonstrate to regulators our compliance and so I can understand the impact and use of the feature in my customer base.

AC

  • Given that I have enabled global privacy control support on one or more data use cases, when a user has consent settings applied to adhere to their GPC signal, then a record is created with 1) the use case and information about the data subject, to the extent possible (existing functionality in our current Consent db table), and 2) both the existence of the GPC flag and whether or not the consent record conflicts with the GPC flag
  • If the user has accessed the privacy center, save the identity (existing functionality in our current Consent db table)

eastandwestwind commented Feb 14, 2023

Connected with Michael and clarified a couple things:

  1. Users will eventually save consent preferences via a Fides consent banner, when they won't have a true "identity" yet. Right now this is still only available on the privacy center.
  2. Whether or not GPC applies to each data use case is stored in the config.json on FE. Because of this, we wouldn't be able to infer that a selection conflicted with GPC just from the database, if we only stored hasGpcFlag. So, I advise storing a conflictsWithGpc flag in the db too.
  3. Currently the Consent table is NOT historical, meaning each time a user saves a consent preference for a data use case, the previous one associated with that data use case gets overridden. This is OK for now, but we anticipate supporting historical reporting here: https://ethyca.atlassian.net/wiki/spaces/PM/pages/2609021029/Enhancing+Compliance+Capabilities+In+Fides+with+User+Consent+Reporting?atlOrigin=eyJpIjoiZTJmNzNkYmM1OTk1NDNlZWExZWJmNWY2ZDA2YzJiM2UiLCJwIjoiY29uZmx1ZW5jZS1jaGF0cy1pbnQifQ
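
An added example, not code from the Fides repository, of why items 2 and 3 above matter for the audit record: two rows with the same GPC flag and the same opt-in differ only in the front-end config, so the conflict has to be computed and stored at save time, and a non-historical table keeps only the last row per data use case. The config shape, field names, class names and the conflict rule itself (GPC sent, use case honors GPC, preference is still opt-in) are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed stand-in for the front-end config.json: which data use cases
# honor GPC. The key names are hypothetical, not the Fides schema.
FE_CONFIG = {
    "advertising": {"gpc_enabled": True},
    "improve": {"gpc_enabled": False},
}


@dataclass(frozen=True)
class ConsentRecord:
    identity: Optional[str]   # None when the user has no identity yet
    data_use: str
    opt_in: bool
    has_gpc_flag: bool        # the browser sent a GPC signal
    conflicts_with_gpc: bool  # decided at save time, while the config is visible


def build_record(identity, data_use, opt_in, gpc_signal, config=FE_CONFIG):
    """Assumed rule: a record conflicts when GPC was sent, the use case
    honors GPC, and the saved preference is still an opt-in."""
    honors_gpc = config.get(data_use, {}).get("gpc_enabled", False)
    conflicts = bool(gpc_signal and honors_gpc and opt_in)
    return ConsentRecord(identity, data_use, opt_in, bool(gpc_signal), conflicts)


class ConsentTable:
    """Non-historical store: one row per (identity, data_use), last write wins."""

    def __init__(self):
        self.rows = {}

    def save(self, record):
        self.rows[(record.identity, record.data_use)] = record
        return record


def demo():
    table = ConsentTable()
    # Same user, same GPC signal, same opt-in; only the FE config differs.
    a = table.save(build_record("user@example.com", "advertising", True, True))
    b = table.save(build_record("user@example.com", "improve", True, True))
    # GPC applied afterwards: the "advertising" row is overwritten by an opt-out.
    c = table.save(build_record("user@example.com", "advertising", False, True))
    return a, b, c, table
```

After `demo()`, the earlier conflicting "advertising" row is gone from the table, which is the reporting gap item 3 describes.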
