Okta: populate user.email when user name is an email address (#14148)

According to ECS documentation about user fields usage[1]: - When a system uses an email address as the main identifier, populate both user.id and user.email with it. This change copies the `user.name` field into the `user.email` field to align with all other integrations where the main user identifier is an email address, including Entity Analytics Okta. This should help to who wants to correlate email addresses between integrations. In this case, the user email is not dissected into `user.name@user.domail` as for the Okta ecosystem, the user part of the email doesn't make sense by itself. [1] https://www.elastic.co/docs/reference/ecs/ecs-user-usage#ecs-user-identifiers

Author: chemamartinez

packages/okta/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "3.10.0"
+ changes:
+ - description: Populate `user.email` from `user.name` when contains an email address to align with EntityAnalytics Okta and the other integrations.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/14148
 - version: "3.9.0"
  changes:
  - description: Parse `transaction.detail.rootApiTokenId` and `authenticationContext.rootSessionId` fields in pipeline.

packages/okta/data_stream/system/_dev/test/pipeline/test-okta-system-events.json-expected.json

@@ -14,6 +14,7 @@
  },
  "ip": "175.16.199.1",
  "user": {
+ "email": "username@elastic.co",
  "full_name": "xxxxxx",
  "id": "00u1abvz4pYqdM8ms4x6",
  "name": "username@elastic.co"
@@ -129,12 +130,14 @@
  },
  "ip": "175.16.199.1",
  "user": {
+ "email": "username@elastic.co",
  "full_name": "xxxxxx",
  "id": "00u1abvz4pYqdM8ms4x6",
  "name": "username@elastic.co"
  }
  },
  "user": {
+ "email": "username@elastic.co",
  "full_name": "xxxxxx",
  "name": "username@elastic.co"
  },