Harden validation for user-provided JSON metadata fields

[yuanzhou]

Motivated by #985, when time permits we should investigate the underlying root cause of these bad data issues and consider strengthening the entity-api validation to prevent similar occurrences in the future. This review should apply (but not be limited to) the following fields:

Donor.metadata
Sample.metadata
Sample.rui_location
Dataset.metadata
Dataset.ingest_metadata
Dataset.calculated_metadata

If this proves to be a broader validation concern, then in principle all fields defined as type: json_string that accept user-provided input should be evaluated under the same criteria.