✨(contacts) filter list API with email

This allows to lookup onto emails for the "magic
filter" on the API list endpoint.

src/backend/core/utils/raw_sql.py

@@ -0,0 +1,41 @@
+"""Helper functions to generate raw SQL queries for Django models."""
+
+from typing import Type
+
+from django.db import models
+from django.db.models.expressions import RawSQL
+
+
+def gen_sql_filter_json_array(
+    model: Type[models.Model],
+    lookup_path: str,
+    nested_key: str,
+    lookup_value: str,
+) -> RawSQL:
+    """
+    Filter a queryset on a nested JSON key in an array field with
+    a case-insensitive and unaccent match.
+
+    Highly inspired from
+    https://gist.github.com/TobeTek/df2e9783a64e431c228c513441eaa8df#file-utils-py
+
+    :param Type[models.Model] model: Your Django model to filter on
+    :param str lookup_path: The lookup path of the array field/key in
+           Postgres format e.g `data->"sub-key1"->"sub-key2"`
+    :param str nested_key: The name of the nested key to filter on
+    :param str lookup_value: The value to match/filter the queryset on
+    """
+    # Disabling S608 Possible SQL injection vector through string-based query construction
+    # because we are using Django's RawSQL with parameters.
+    # Disabling S611 Use of `RawSQL` can lead to SQL injection vulnerabilities
+    # for the same reason.
+
+    table_name = model._meta.db_table  # noqa: SLF001
+
+    query = (
+        f"SELECT {table_name}.id FROM {table_name}, "  # noqa: S608
+        f"jsonb_array_elements({lookup_path}) AS temp_filter_table "
+        f"WHERE unaccent(temp_filter_table->>'{nested_key}') ILIKE  unaccent(%s)"
+    )
+
+    return RawSQL(sql=query, params=[f"%{lookup_value}%"])  # noqa: S611