This builds upon #18208 by adding a form request for the index API controllers.

We were seeing a lot of rollbars from hosted customers where the filter payload being passed was invalid, being passed as ?filter=email:[email protected] versus the valid version, ?filter={"email":"[email protected]"}:

This was previously resulting in a TypeError: array_filter(): Argument #1 ($array) must be of type array, null given error, since we try to json_decode() that filter value. The hard error was fixed #18208, but resulted in us silently ignoring the query instead of returning a validation error, which meant the entire result set would be returned. With this PR, the result of invalid JSON there will be:

{
    "status": "error",
    "messages": {
        "filter": [
            "The filter field must be a valid JSON string."
        ]
    },
    "payload": null
}

I suspect most people with integrations with that API filter haven't been checking the results of the query at all, since it would have been returning a hard 500, so perhaps it doesn't even matter, but this at least returns a useful error instead of potentially erroneous results where the filter was ignored.

This also adds another test and refines the existing one that was looking for the filter field.

We don't typically use form requests for the index pages, since they're not really submitting a form, but instead only passing query strings to search on, but this seemed like a worthwhile one since it is dealing with the request. We'll see what the other devs think though.