Add API request validations for acl and legal tags
While testing the /upgrade API, ActivityRecord failed creation since the upgradeRequest expects and acl and legal tags as part of the /upgrade request. This is missing in the openapi spec. Missing validation of the request