fix(dashboard): allow deleting SCM identities with slash in provider key

[coopernetes]

Summary

• Fixes Failed to remove SCM identity (HTTP 400) when the provider ID contains a / (e.g. github/<host> for a GHES deployment).
• Root cause: GitProxyProvider.getProviderId() synthesizes {type}/{host}. When embedded in a DELETE URL path, the / encodes to %2F and Spring Security's default StrictHttpFirewall rejects the request with HTTP 400 before the controller runs — so the store-layer LockedByConfigException path and hooks never get a chance.
• Fix: swap / ↔ @ at the URL boundary only. Frontend's providerToPathKey() encodes / → @ on the way out; ProfileController / UserController reverse it before calling the user store. @ is legal in URL path segments (RFC 3986 sub-delims) and never appears in DNS hostnames, so the mapping is unambiguous.
• Internal format is unchanged: DB (user_scm_identities.provider), token cache keys, permissions, and all core code still see {type}/{host}. No migration needed.

Affects:

• DELETE /api/me/identities/{provider}/{scmUsername}
• DELETE /api/users/{u}/identities/{provider}/{scmUsername}

Also folds in an unrelated Dockerfile doc fix (config profile example) and a palantir-format reflow in SecurityConfig.java that were sitting in the working tree.

Test plan

• Start dashboard against an h2-file DB with a GHES-style provider configured (type github, non-default host).
• From the Profile page, add a bogus SCM identity for that provider; verify it appears.
• Remove the identity; verify it disappears without the HTTP 400 error.
• Repeat via the admin Users page (UserController route) to cover both endpoints.
• Confirm identities for providers without a host component (e.g. default github/github.com) still remove cleanly — ensures the @ swap doesn't break the common case.