kratos
Allow removal of last credential
Preflight checklist
- [x] I could not find a solution in the existing issues, docs, nor discussions.
- [x] I agree to follow this project's Code of Conduct.
- [x] I have read and am following this repository's Contribution Guidelines.
- [x] I have joined the Ory Community Slack.
- [ ] I am signed up to the Ory Security Patch Newsletter.
Ory Network Project
No response
Describe your problem
We're running into an issue when removing credentials from identities, in that it's impossible to remove the last one. It seems this is intended as a way to make sure that the identity remains able to authenticate somehow, but for us this can be problematic as identities can be meaningful to our product without users attached.
Describe your ideal solution
I think a configuration option on a project to allow/disallow this would be great, as I can imagine that in many cases it's a nice protection.
Workarounds or alternatives
- Using PUT to overwrite the entire identity, but this requires introspecting the current identity before attempting the removal. It's also racy when other updates happen concurrently.
- Giving every identity a bogus credential by default that is never shown to our customers.
Version
Ory Network
Additional Context
No response