Possible to create User without Person in confirm_account view

[jennifer-richards]

While investigating the 2024-01-16 creation of a User record without an associated Person, came across this bit of code where a failure might cause this:

https://github.com/ietf-tools/datatracker/blob/db2f7362c567bbec73283bca00683f3395d679c9/ietf/ietfauth/views.py#L233-L252

Note that a User is created, some logic is applied, and then a Person is created if necessary. Either an outright failure or an error in the logic could leave behind a User with no Person.

This should be refactored to guarantee that the User exists only if Person is not empty.

[jennifer-richards]

I don't think the particular problem that inspired this report was caused by a person merge - the User left behind still had is_active=True, but merging records deactivates the user of the merged-away Person.

It's possible something went wrong during a merge, though I don't recall any error reports. (I also don't know how a failure could have occurred during the confirm_account() call without sending a failure email to the admins, so there's mysteries)