Fix data obfuscation and ID field issues in updateUser function

[lakshayman]

Issue Description

The updateUser function in controllers/users.js has two critical issues:

1. It merges obfuscated email and phone number data into the user record.
2. It incorrectly includes an id field when updating user data, potentially causing conflicts with the document's actual ID.

Expected Behavior

1. The function should merge unobfuscated email and phone number data into the user record.
2. The id field should be excluded when updating user data.

Current Behavior

1. Obfuscated email and phone number data from fetchProfileDiff are being merged into the user record.
2. An id field is included in the data used to update the user record, which may interfere with the document's actual ID.

Screenshots

N/A

Reproducibility

• This issue is reproducible
• This issue is not reproducible

Steps to Reproduce

1. Call the updateUser function with a valid profileDiffId.
2. Check the updated user record in the database.
3. Observe that the email and phone number are obfuscated and an extra id field is present.

Severity/Priority

• Critical
• High
• Medium
• Low

Additional Information

The fetchProfileDiff function returns obfuscated data for UI purposes, but this data is being directly used to update the user record. We need to implement a way to get both obfuscated (for UI) and unobfuscated (for database updates) data.

Proposed Solution

1. Create a new function in profileDiffsQuery that returns unobfuscated data for database updates.
2. Modify the updateUser function to use this new function for getting unobfuscated data.
3. Implement a filtering step to remove the id field before updating the user record.

Checklist

• I have read and followed the project's code of conduct.
• I have searched for similar issues before creating this one.
• I have provided all the necessary information to understand and reproduce the issue.
• I am willing to contribute to the resolution of this issue.