gravitational / teleport

The easiest, and most secure way to access and protect all of your infrastructure.
https://goteleport.com
GNU Affero General Public License v3.0

Enforce consistency when creating Teleport Cloud users using Terraform #40400

Open philip-teleport opened 3 months ago

philip-teleport commented 3 months ago

What would you like Teleport to do?

When users with "email-like" usernames are created on Teleport Cloud using the Terraform Provider, email invites are not sent automatically to the users.

Also, the Terraform Provider allows you to create local users without an "email-like" username on Teleport Cloud, which is not supported through the web UI.

What problem does this solve?

Sending emails to users created using Terraform would allow user creation on Teleport Cloud to be fully automated and not require an admin to use "Reset Authentication" to send the email after the user is created.

If a workaround exists, please include it.

An admin must manually use the "Reset Authentication" option to send an email invite to a new Cloud user created using Terraform.

philip-teleport commented 3 months ago

Related to #40398

hugoShaka commented 1 month ago

Non-email users are required for several setups, including MachineID. We must not block creating non-email users as this would break:

When creating users with Terraform/kube-operator/tctl you are responsible for generating the password reset link/token and sending it to the users, as described in the IaC guide: https://goteleport.com/docs/management/dynamic-resources/user-and-role/#step-44-create-a-password-reset-link.
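As an added example, not part of the Teleport project and not code from either commenter, the following post-apply helper automates the workflow described in the comment above: it checks each username created by Terraform against the Cloud convention (email-like names for humans, non-email names only for explicitly flagged machine/bot users) and mints a password reset link for each human user with `tctl users reset`. It assumes `tctl` is on `PATH` and already logged in, and the user list is constructed inline as sample input.

```python
"""Post-apply helper (assumed workflow, not Teleport's own tooling).

Terraform creates the users; this script then runs `tctl users reset <name>`
for every human user, since the provider does not send invite emails.
"""
import re
import subprocess
from typing import List, Tuple

# Teleport Cloud's web UI only accepts email-like usernames for humans.
# MachineID bots and other service identities legitimately use non-email names,
# so those are allowed only when the caller marks them as machine users.
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

# Constructed sample input: (username, is_machine) pairs as they might come
# from a Terraform output; "bob" is a human with a non-email name (a mistake).
SAMPLE_USERS = [("alice@example.com", False), ("ci-bot", True), ("bob", False)]


def classify(username: str, allow_non_email: bool = False) -> str:
    """Return 'human', 'machine', or 'reject' for a username."""
    if EMAIL_RE.match(username):
        return "human"
    return "machine" if allow_non_email else "reject"


def reset_command(username: str) -> List[str]:
    """`tctl users reset` prints a one-time password-reset link for the user."""
    return ["tctl", "users", "reset", username]


def plan_invites(users, dry_run: bool = True) -> Tuple[List[List[str]], List[str]]:
    """Build (and, unless dry_run, execute) reset commands for human users.

    Returns (commands, rejected): the tctl invocations for human users and the
    names that violate the convention so the operator can fix them in Terraform.
    """
    commands, rejected = [], []
    for name, is_machine in users:
        kind = classify(name, allow_non_email=is_machine)
        if kind == "human":
            cmd = reset_command(name)
            commands.append(cmd)
            if not dry_run:
                subprocess.run(cmd, check=True)  # link is printed by tctl
        elif kind == "reject":
            rejected.append(name)
    return commands, rejected


if __name__ == "__main__":
    cmds, bad = plan_invites(SAMPLE_USERS)  # dry run: only show what would run
    print("would run:", cmds)
    print("non-email human usernames to fix:", bad)
```

Run it without `dry_run` only after reviewing the planned commands, since each `tctl users reset` invalidates the user's current password and issues a fresh link.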