fix(auth): allow email addresses as usernames in Create User API

[DarkBird10020]

Proposed changes

This PR fixes Issue #5413 where the Create User API rejects email-based usernames due to the strict 3–16 character / alphanumeric-only validation. Since Dex login uses the user’s email as username, pre-creating users via API with their email was not possible.

What changed

• Updated ValidateStrictUsername to accept email addresses as valid usernames (up to 255 chars) while preserving the existing strict rules for non-email usernames.
• This enables admins to pre-create users using full emails (e.g. john.smith.long@example.com) so Dex login can match the pre-created account.

Why this is safe

• Backwards compatible: non-email usernames still follow the original strict validation.
• Only affects username validation at user creation/update entrypoint(s) that call this validator.
• Does not modify Dex flow; it just aligns API validation with how Dex already populates usernames.

Files changed

• chaoscenter/authentication/pkg/utils/sanitizers.go

Test plan

• Create a user via API with username = john.smith.long@example.com → should succeed
• Create a user with an invalid email username (e.g. user@) → should fail
• Create a user with a regular username within 3–16 chars (e.g. test_user) → should still succeed
• Login via Dex with the same email → should match the pre-created user account

Type of change

• Bugfix (non-breaking change which fixes an issue)

[SarthakJain26]

@DarkBird10020 can you please confirm what happens when an user has created a account using dex and then used the same email as username to create another account this time without dex.

[PriteshKiri]

@DarkBird10020 any updates??