DRIVERS-3294 Update $lookup prose test to support 8.2+ (#1846)

Author: connorsmacd

source/client-side-encryption/client-side-encryption.md

@@ -2519,6 +2519,9 @@ explicit session parameter as described in the [Drivers Sessions Specification](
 
 ## Changelog
 
+- 2025-09-30: Update `$lookup` prose test to reflect changes in
+    [MONGOCRYPT-793](https://jira.mongodb.org/browse/MONGOCRYPT-793).
+
 - 2025-08-06: Add `TextPreview` algorithm.
 
 - 2024-02-19: Add custom options AWS credential provider.

source/client-side-encryption/etc/data/lookup/schema-non-csfle.json

@@ -0,0 +1,3 @@
+{
+   "bsonType": "object"
+}

source/client-side-encryption/tests/README.md

@@ -3457,6 +3457,7 @@ Use `encryptedClient` to drop and create the following collections:
 - `db.qe2` with options: `{ "encryptedFields": "<schema-qe2.json>"}`.
 - `db.no_schema` with no options.
 - `db.no_schema2` with no options.
+- `db.non_csfle_schema` with options: `{ "validator": { "$jsonSchema": "<schema-non-csfle.json>"}}`
 
 Create an unencrypted MongoClient named `unencryptedClient`.
 
@@ -3472,6 +3473,7 @@ Insert documents with `encryptedClient`:
     - Use `unencryptedClient` to retrieve it. Assert the `qe2` field is BSON binary.
 - `{"no_schema": "no_schema"}` into `db.no_schema`
 - `{"no_schema2": "no_schema2"}` into `db.no_schema2`
+- `{"non_csfle_schema": "non_csfle_schema"}` into `db.non_csfle_schema`
 
 #### Case 1: `db.csfle` joins `db.no_schema`
 
@@ -3652,7 +3654,7 @@ Expect one document to be returned matching:
 
 #### Case 8: `db.csfle` joins `db.qe`
 
-Test requires server 8.1+ and mongocryptd/crypt_shared 8.1+.
+Test requires server 8.1+ and mongocryptd/crypt_shared 8.1+
 
 Recreate `encryptedClient` with the same `AutoEncryptionOpts` as the setup. (Recreating prevents schema caching from
 impacting the test).
@@ -3673,7 +3675,12 @@ Run an aggregate operation on `db.csfle` with the following pipeline:
 ]
 ```
 
-Expect an exception to be thrown with a message containing the substring `not supported`.
+Expect an exception to be thrown with a message containing one of the following substrings depending on the
+mongocryptd/crypt_shared and libmongocrypt versions:
+
+- mongocryptd/crypt_shared \<8.2 **or** libmongocrypt \<1.17.0: `not supported`.
+- mongocryptd/crypt_shared 8.2+ **and** libmongocrypt 1.17.0+:
+    `Cannot specify both encryptionInformation and csfleEncryptionSchemas unless csfleEncryptionSchemas only contains non-encryption JSON schema validators`.
 
 #### Case 9: test error with \<8.1
 
@@ -3700,6 +3707,31 @@ Run an aggregate operation on `db.csfle` with the following pipeline:
 
 Expect an exception to be thrown with a message containing the substring `Upgrade`.
 
+#### Case 10: `db.qe` joins `db.non_csfle_schema`
+
+Test requires server 8.2+, mongocryptd/crypt_shared 8.2+, and libmongocrypt 1.17.0+.
+
+Recreate `encryptedClient` with the same `AutoEncryptionOpts` as the setup. (Recreating prevents schema caching from
+impacting the test).
+
+Run an aggregate operation on `db.qe` with the following pipeline:
+
+```json
+[
+    {"$match" : {"qe" : "qe"}},
+    {
+        "$lookup" : {
+            "from" : "non_csfle_schema",
+            "as" : "matched",
+            "pipeline" : [ {"$match" : {"non_csfle_schema" : "non_csfle_schema"}}, {"$project" : {"_id" : 0, "__safeContent__" : 0}} ]
+        }
+    },
+    {"$project" : {"_id" : 0, "__safeContent__" : 0}}
+]
+```
+
+Expect one document to be returned matching: `{"qe" : "qe", "matched" : [ {"non_csfle_schema" : "non_csfle_schema"} ]}`.
+
 ### 26. Custom AWS Credentials
 
 These tests require valid AWS credentials for the remote KMS provider via the secrets manager (FLE_AWS_KEY and