Ensure metadata provenance url matches provider url when provided
This will refuse the metadata-only deposit if the metadata provenance does not match. This is doing a similar check already done when doing deposit with origin url mismatching that same (client) provider url.
Related to #3677 (closed)
Test Plan
tox
Migrated from D7238 (view on Phabricator)