product-is
Usernames with leading slashes are allowed but go into a locked state
Describe the issue:
The default configs in the product allow creating users like /abc/xyz through SCIM. But thereafter, that user goes into a locked state and we are unable to list users via SCIM or delete that user from any API. The only solution is to delete all the references of that user directly from the DB.
We can have a regex like below to avoid this. But the default product pack is not avoiding this scenario.
username_java_script_regex = '^[a-zA-Z0-9._\-|]{3,30}$'
username_java_regex = '^[a-zA-Z0-9._\-|]{3,30}$'
How to reproduce:
- Create a user with username /abc/xyz through SCIM
- Try to list users via SCIM
- Try to delete that user from the management console
Expected behavior:
- Either it should not allow creating this type of usernames or support these usernames as well
Environment information
- Product Version: IS 5.10.0
- Database: H2
- Userstore: JDBC
The tests are breaking for this due to the update on minimum character length (from 3 to 5)
- PR builders
- Dependency updater (Refer https://github.com/wso2/product-is/actions/runs/3083447520)
We'd better update the tests or revert this PR to stabilize the tests.
And don't we need to have a migration issue, since this will affect the default behavior during migration now that the min character length is changed?
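
An added example (not from the issue or the WSO2 code base): a JavaScript check that applies the character class proposed in the issue and reports which existing usernames would be rejected if the minimum length moves from 3 to 5, the migration concern raised in the comment above. The helper names and the sample usernames are constructed for illustration.

```javascript
// Build a username rule from the character class posted in the issue.
// The issue uses {3,30}; min and max are parameters so ranges can be compared.
function usernameRule(min, max) {
  return { min, max, re: new RegExp(`^[a-zA-Z0-9._\\-|]{${min},${max}}$`) };
}

// Hypothetical helper: validate one username and explain any rejection.
function checkUserName(name, rule) {
  if (typeof name !== "string") return { ok: false, reasons: ["not a string"] };
  const reasons = [];
  if (name.length < rule.min) reasons.push(`shorter than ${rule.min}`);
  if (name.length > rule.max) reasons.push(`longer than ${rule.max}`);
  // Collect each distinct character outside the allowed class.
  const bad = [...new Set(name.match(/[^a-zA-Z0-9._\-|]/g) || [])];
  if (bad.length) reasons.push(`disallowed characters: ${bad.join(" ")}`);
  return { ok: rule.re.test(name), reasons };
}

// Hypothetical helper: classify existing usernames by the effect of a rule change.
//   alreadyInvalid: fail the old rule too (e.g. created before any regex applied)
//   newlyRejected:  pass the old rule but fail the new one (migration impact)
function auditRuleChange(names, oldRule, newRule) {
  const report = { unaffected: [], newlyRejected: [], alreadyInvalid: [] };
  for (const name of names) {
    const before = checkUserName(name, oldRule);
    const after = checkUserName(name, newRule);
    if (!before.ok) report.alreadyInvalid.push({ name, reasons: before.reasons });
    else if (!after.ok) report.newlyRejected.push({ name, reasons: after.reasons });
    else report.unaffected.push(name);
  }
  return report;
}

// Constructed sample usernames, not taken from any real user store.
const SAMPLE = ["/abc/xyz", "bob", "alice", "svc|sync", "a.b-c_d", "x"];
// Assumption: the new rule keeps the same character class with the minimum raised to 5.
const report = auditRuleChange(SAMPLE, usernameRule(3, 30), usernameRule(5, 30));
console.log(JSON.stringify(report, null, 2));
```
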