chore: rename IdentityProvider to UserIdentity for clarity

Rename IdentityProvider types to UserIdentity to better reflect that
these resources represent a user's identity within an external provider
(e.g., GitHub, Google), not the identity provider itself.

Changes:
- Rename IdentityProvider → UserIdentity
- Rename IdentityProviderStatus → UserIdentityStatus
- Rename IdentityProviderList → UserIdentityList
- Rename file: identityprovider_types.go → useridentity_types.go
- Update resource permissions in iam-user-self-manage role:
  - identity.miloapis.com/identityproviders.* → useridentities.*
- Add comprehensive documentation explaining:
  - What UserIdentity represents (user's linked identity, not the provider)
  - Use cases (UI display, federated identity visibility)
  - Important notes (read-only, no sensitive data exposed)
- Update type registration in register.go
- Regenerate deepcopy and OpenAPI definitions

This change improves semantic clarity and addresses feedback that the
original naming was confusing about whether it represented the provider
service or the user's identity within that provider.

Author: OscarLlamas6

config/roles/iam-user-self-manage.yaml

@@ -17,5 +17,7 @@ spec:
   - identity.miloapis.com/sessions.list
   - identity.miloapis.com/sessions.get
   - identity.miloapis.com/sessions.delete
+  - identity.miloapis.com/useridentities.list
+  - identity.miloapis.com/useridentities.get
   - iam.miloapis.com/userinvitations.get
   - iam.miloapis.com/userinvitations.list

pkg/apis/identity/v1alpha1/identityprovider_types.go

@@ -31,8 +31,8 @@ func addKnownTypes(scheme *runtime.Scheme) error {
 	scheme.AddKnownTypes(SchemeGroupVersion,
 		&Session{},
 		&SessionList{},
-		&IdentityProvider{},
-		&IdentityProviderList{},
+		&UserIdentity{},
+		&UserIdentityList{},
 	)
 	metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
 	return nil

pkg/apis/identity/v1alpha1/register.go

@@ -0,0 +1,58 @@
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// UserIdentity represents a user's linked identity within an external identity provider.
+//
+// This resource describes the connection between a Milo user and their account in an
+// external authentication provider (e.g., GitHub, Google, Microsoft). It is NOT the
+// identity provider itself, but rather the user's specific identity within that provider.
+//
+// Use cases:
+//   - Display all authentication methods linked to a user account in the UI
+//   - Show which external accounts a user has connected
+//   - Provide visibility into federated identity mappings
+//
+// Important notes:
+//   - This is a read-only resource for display purposes only
+//   - Identity management (linking/unlinking providers) is handled by the external
+//     authentication provider (e.g., Zitadel), not through this API
+//   - No sensitive credentials or tokens are exposed through this resource
+//
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+type UserIdentity struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Status UserIdentityStatus `json:"status,omitempty"`
+}
+
+// UserIdentityStatus contains the details of a user's identity within an external provider.
+// All fields are read-only and populated by the authentication provider.
+type UserIdentityStatus struct {
+	// UserUID is the unique identifier of the Milo user who owns this identity.
+	UserUID string `json:"userUID"`
+
+	// ProviderID is the unique identifier of the external identity provider instance.
+	// This is typically an internal ID from the authentication system.
+	ProviderID string `json:"providerID"`
+
+	// ProviderName is the human-readable name of the identity provider.
+	// Examples: "GitHub", "Google", "Microsoft", "GitLab"
+	ProviderName string `json:"providerName"`
+
+	// Username is the user's username or identifier within the external identity provider.
+	// This is the name the user is known by in the external system (e.g., GitHub username).
+	Username string `json:"username"`
+}
+
+// UserIdentityList is a list of UserIdentity resources.
+//
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+type UserIdentityList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []UserIdentity `json:"items"`
+}