CH-221 fix: Use kc_id instead of inconsistent kc_username or kc_email for user sync

[afonsobspinto]

Closes https://metacell.atlassian.net/browse/CH-221

Implemented solution

User.objects.get(username=kc_user["email"]) was trying to find users by email but searching the username field, causing User.DoesNotExist errors when Keycloak username ≠ email.

This PR replaces it with get_user_by_kc_id(kc_user["id"]) which uses the reliable Keycloak ID for lookup.

How to test this PR

Sync keycloak users with Django users with at least 1 user where kc username differs from kc email.

Sanity checks:

• The pull request is explicitly linked to the relevant issue(s)
• The issue is well described: clearly states the problem and the general proposed solution(s)
• In this PR it is explicitly stated how to test the current change
• The labels in the issue set the scope and the type of issue (bug, feature, etc.)
• The relevant components are indicated in the issue (if any)
• All the automated test checks are passing
• All the linked issues are included in one Sprint
• All the linked issues are in the Review state
• All the linked issues are assigned

Breaking changes (select one):

• The present changes do not change the preexisting api in any way
• This PR and the issue are tagged as a breaking-change and the migration procedure is well described above

Possible deployment updates issues (select one):

• There is no reason why deployments based on CloudHarness may break after the current update
• This PR and the issue are tagged as alert:deployment

Test coverage (select one):

• Tests for the relevant cases are included in this pr
• The changes included in this pr are out of the current test coverage scope

Documentation (select one):

• The documentation has been updated to match the current changes
• The changes included in this PR are out of the current documentation scope

[Copilot]

Pull Request Overview

This PR fixes a user synchronization bug where the code was incorrectly searching for users by email in the username field, causing User.DoesNotExist errors when Keycloak username differs from email. The fix replaces the inconsistent username/email lookup with reliable Keycloak ID-based user identification.

• Replace User.objects.get(username=kc_user["email"]) with get_user_by_kc_id(kc_user["id"])
• Add proper handling for new user creation with fallback username logic
• Update admin user comparison to use Keycloak ID instead of email
• Add missing user.member.save() call for consistency

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[afonsobspinto]

Might have been superseded by #819

[filippomc]

Merging this issue fix to the CH-220 issue PR.

[filippomc]

This is unnecessary, emails are unique

[afonsobspinto]

From accounts settings I see we can activate duplicate emails:

Admittedly I never had the need to activate it but ideally I would prefer cloudharness_django to allow it if we eventually need

[filippomc]

Closing this as we are addressing this issue within #819