Ensure Project#user_id is not set on public project

A public project, i.e. one that is accessible to all users, should not
have `Project#user_id` set. This is already implicitly enforced by
`Api::PublicProjectsController#project_params` which excludes the
`user_id` param. However, I thought it was worth adding an example to
guarantee it remains the case.

Author: floehopper

spec/features/public_project/creating_a_public_project_spec.rb

@@ -39,6 +39,15 @@
     )
   end
 
+  it 'does not set user_id on project even if one is supplied' do
+    user_id = SecureRandom.uuid
+
+    post('/api/public_projects', headers:, params: params.merge(user_id:))
+    data = JSON.parse(response.body, symbolize_names: true)
+
+    expect(data).to include(user_id: nil)
+  end
+
   context 'when creator is not an experience-cs admin' do
     let(:creator) { build(:user) }