Ensure metadata provenance url matches provider url when provided

This will refuse the metadata-only deposit if the metadata provenance does not match. This is doing a similar check already done when doing deposit with origin url mismatching that same (client) provider url.

Related to #3677 (closed)

Test Plan

tox

---

Migrated from D7238 (view on Phabricator)