feat: Add loginUsername support to CSV user import for external OAuth

[ustraria]

Issue #, if available:

Description of changes:

• Added loginUsername support to CSV user import. This allows administrators to specify the OAuth provider username when bulk importing users for external OAuth setups

Changes:

• Handler: Updated UserService.importUsers() to parse and store loginUsername from CSV
• Handler: Updated getNewUserEntity() to accept loginUsername parameter
• Handler: Added unit test assertions for loginUsername parsing
• Web Client: Updated import help text to document the new loginUsername field

Why is this change necessary:
For external OAuth providers like AWS Cognito, userId is typically a UUID (sub claim) while loginUsername is the human-readable username. This change enables pre-provisioning users with their loginUsername via CSV import, which is useful for setting up user permissions before their first login.

How was this change tested:

• Updated or added new unit tests.
• Updated or added new integration tests.

Manually tested:

• CSV import with loginUsername column (values populated and empty)
• Verified backward compatibility with CSV files without loginUsername column
• Verified loginUsername values stored correctly in DynamoDB

Any additional information or context required to review the change:

Documentation Checklist:

• Updated the README if applicable. n/a updated import-users-constants.tsx which has instructions.
• Updated the THIRD-PARTY-LICENSES file if applicable. n/a

Compatibility Checklist:

• I confirm that the change is backwards compatible.
• There is no modification of dependencies or if there is, a corresponding update to THIRD-PARTY-LICENSES is part of the commit.

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

[github-actions]

Coverage Report

Component	Lines	Branches
dcv-access-console-handler	90.23%	79.62%
dcv-access-console-web-client	19.79%	9.68%
dcv-access-console-auth-server	58.39%	22.22%
dcv-access-console-configuration-wizard	6.27%	0.14%

[mitshiv1905]

Should we add loginUsername after userId since it is semantically closer to userId?

[ustraria]

Sure, updated.

[mitshiv1905]

Pass userId as default loginUsername

[ustraria]

Updated.

[github-actions]

Coverage Report

Component	Lines	Branches
dcv-access-console-handler	90.23%	79.62%
dcv-access-console-web-client	19.79%	9.68%
dcv-access-console-auth-server	58.39%	22.22%
dcv-access-console-configuration-wizard	6.27%	0.14%

[mitshiv1905]

loginUsername still at the end? Didn't we have to update the tests?

[ustraria]

Tests were updated because of change where loginUsername defaults to userId instead of null. For the CSV parsing the column order doesn't matter due to the @CsvBindByName annotations, which map columns by header name , not by position.

[mitshiv1905]

Wondering if we should add the validations similar to what you added for default groupIds for the importUsers values since they will also not be coming from the web client

[ustraria]

The validations are not consistent between the values from importUsers and the claims. I don't think there is validation on loginUsername besides character length from claims or in importUsers. For groups in importUsers there is also not validation. We could add validation for groups for importUsers to match?