fix(scim): add type attribute to ScimEmail (#9690)

# Which Problems Are Solved

- SCIM PATCH operations for users from Entra ID for the `emails`
attribute fails due to missing `type` subattribute

# How the Problems Are Solved

- Adds the `type` attribute to the `ScimUser` struct and sets the
default value to `"work"` in the `mapWriteModelToScimUser()` method.

# Additional Changes

# Additional Context

The SCIM handlers for POST and PUT ignore multiple emails and only uses
the primary email for a given user, or falls back to the first email if
none are marked as primary. PATCH operations however, will attempt to
resolve the provided filter in `operations[].path`.

Some services, such as Entra ID, only support patching emails by
filtering for `emails[type eq "(work|home|other)"].value`, which fails
with Zitadel as the ScimUser struct (and thus the generated schema)
doesn't include the `type` field.

This commit adds the `type` field to work around this issue, while still
preserving compatibility with filters such as `emails[primary eq
true].value`.

-
https://discord.com/channels/927474939156643850/927866013545025566/1356556668527448191

---------

Co-authored-by: Christer Edvartsen <christer.edvartsen@nav.no>
Co-authored-by: Thomas Siegfried Krampl <thomas.siegfried.krampl@nav.no>

internal/api/scim/metadata/metadata.go

@@ -30,6 +30,7 @@ const (
 	KeyAddresses                Key = KeyPrefix + "addresses"
 	KeyEntitlements             Key = KeyPrefix + "entitlements"
 	KeyRoles                    Key = KeyPrefix + "roles"
+	KeyEmails                   Key = KeyPrefix + "emails"
 )
 
 var (
@@ -47,6 +48,7 @@ var (
 		KeyAddresses,
 		KeyEntitlements,
 		KeyRoles,
+		KeyEmails,
 	}
 
 	AttributePathToMetadataKeys = map[string][]Key{
@@ -64,6 +66,7 @@ var (
 		"addresses":            {KeyAddresses},
 		"entitlements":         {KeyEntitlements},
 		"roles":                {KeyRoles},
+		"emails":               {KeyEmails},
 	}
 )