fix: update code after upstream merge and run formatting

- Format code with gofmt to pass CI checks
- Update createAccountFromExternalIdentity call signature in scim_test.go
  to match new 5-parameter signature (added emailOptional boolean)
- Update vendor directory with missing dependencies
- Resolve merge conflict in configuration.go preserving both SCIM and
  new Experimental/Reloading configurations

All linting and security checks pass (gofmt, go vet, staticcheck, gosec).
Tests run successfully except for pre-existing SAML test issue unrelated
to SCIM changes.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>

Author: felixmccuaig

internal/api/middleware_test.go

@@ -511,52 +511,52 @@ func (ts *MiddlewareTestSuite) TestDatabaseCleanup() {
 }
 
 func TestRequireSCIMEnabled(t *testing.T) {
-    api := &API{config: &conf.GlobalConfiguration{}}
-    // disabled
-    req := httptest.NewRequest(http.MethodGet, "/scim/v2/Users", nil)
-    w := httptest.NewRecorder()
-    _, err := api.requireSCIMEnabled(w, req)
-    require.Error(t, err)
-
-    // enabled
-    api.config.SCIM.Enabled = true
-    _, err = api.requireSCIMEnabled(w, req)
-    require.NoError(t, err)
+	api := &API{config: &conf.GlobalConfiguration{}}
+	// disabled
+	req := httptest.NewRequest(http.MethodGet, "/scim/v2/Users", nil)
+	w := httptest.NewRecorder()
+	_, err := api.requireSCIMEnabled(w, req)
+	require.Error(t, err)
+
+	// enabled
+	api.config.SCIM.Enabled = true
+	_, err = api.requireSCIMEnabled(w, req)
+	require.NoError(t, err)
 }
 
 func TestRequireSCIMAuth_BearerAndBasic(t *testing.T) {
-    api := &API{config: &conf.GlobalConfiguration{}}
-    api.config.SCIM.Enabled = true
-
-    // Bearer token success
-    api.config.SCIM.Tokens = []string{"tok"}
-    req := httptest.NewRequest(http.MethodGet, "/scim/v2/Users", nil)
-    req.Header.Set("Authorization", "Bearer tok")
-    w := httptest.NewRecorder()
-    _, err := api.requireSCIMAuth(w, req)
-    require.NoError(t, err)
-
-    // Bearer token failure
-    req = httptest.NewRequest(http.MethodGet, "/scim/v2/Users", nil)
-    req.Header.Set("Authorization", "Bearer wrong")
-    w = httptest.NewRecorder()
-    _, err = api.requireSCIMAuth(w, req)
-    require.Error(t, err)
-
-    // Basic success
-    api.config.SCIM.Tokens = nil
-    api.config.SCIM.BasicUser = "u"
-    api.config.SCIM.BasicPassword = "p"
-    req = httptest.NewRequest(http.MethodGet, "/scim/v2/Users", nil)
-    req.SetBasicAuth("u", "p")
-    w = httptest.NewRecorder()
-    _, err = api.requireSCIMAuth(w, req)
-    require.NoError(t, err)
-
-    // Basic failure
-    req = httptest.NewRequest(http.MethodGet, "/scim/v2/Users", nil)
-    req.SetBasicAuth("u", "wrong")
-    w = httptest.NewRecorder()
-    _, err = api.requireSCIMAuth(w, req)
-    require.Error(t, err)
+	api := &API{config: &conf.GlobalConfiguration{}}
+	api.config.SCIM.Enabled = true
+
+	// Bearer token success
+	api.config.SCIM.Tokens = []string{"tok"}
+	req := httptest.NewRequest(http.MethodGet, "/scim/v2/Users", nil)
+	req.Header.Set("Authorization", "Bearer tok")
+	w := httptest.NewRecorder()
+	_, err := api.requireSCIMAuth(w, req)
+	require.NoError(t, err)
+
+	// Bearer token failure
+	req = httptest.NewRequest(http.MethodGet, "/scim/v2/Users", nil)
+	req.Header.Set("Authorization", "Bearer wrong")
+	w = httptest.NewRecorder()
+	_, err = api.requireSCIMAuth(w, req)
+	require.Error(t, err)
+
+	// Basic success
+	api.config.SCIM.Tokens = nil
+	api.config.SCIM.BasicUser = "u"
+	api.config.SCIM.BasicPassword = "p"
+	req = httptest.NewRequest(http.MethodGet, "/scim/v2/Users", nil)
+	req.SetBasicAuth("u", "p")
+	w = httptest.NewRecorder()
+	_, err = api.requireSCIMAuth(w, req)
+	require.NoError(t, err)
+
+	// Basic failure
+	req = httptest.NewRequest(http.MethodGet, "/scim/v2/Users", nil)
+	req.SetBasicAuth("u", "wrong")
+	w = httptest.NewRecorder()
+	_, err = api.requireSCIMAuth(w, req)
+	require.Error(t, err)
 }