fix: pass sessionID to OTP email link (#8745)

# Which Problems Are Solved

OTP Email links currently could not use / include the sessionID they
belong to. This prevents an easy use for redirecting and handling OTP
via email through the session API.

# How the Problems Are Solved

Added the sessionID as placeholder for the OTP Email link template.

# Additional Changes

List all available placeholders in the url_templates of V2 endpoints.

# Additional Context

- discussed in a customer meeting

proto/zitadel/session/v2/challenge.proto

@@ -42,13 +42,16 @@ message RequestChallenges {
   }
   message OTPEmail {
     message SendCode {
+      // Optionally set a url_template, which will be used in the mail sent by ZITADEL to guide the user to your verification page.
+      // If no template is set, the default ZITADEL url will be used.
+      //
+      // The following placeholders can be used: Code, UserID, LoginName, DisplayName, PreferredLanguage, SessionID
       optional string url_template = 1 [
         (validate.rules).string = {min_len: 1, max_len: 200},
         (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
           min_length: 1;
           max_length: 200;
           example: "\"https://example.com/otp/verify?userID={{.UserID}}&code={{.Code}}\"";
-          description: "\"Optionally set a url_template, which will be used in the mail sent by ZITADEL to guide the user to your verification page. If no template is set, the default ZITADEL url will be used.\""
         }
       ];
     }