GitLab and GitHub using lf_email key to populate DocuSign

[jarias-lfx]

Summary

Received a report from a user saying an email that is not available in GitHub nor in SSO was used in the DocuSign form. This shouldn't be the case.

Background

Analyzing the information I noticed the email was picked from lf_email key in the users table, this lf_email gets populated with the LFID primary email address, mostly used for Gerrit or CLA Manager information in CCLA (CLA Corporate Console), if the user does not interact with any of these platforms, the users table never updates the lf_email information, even when the user removes the email from the account.
The reason of this occurrence is because EasyCLA probably uses the lf_email and user_emails keys to automatically populate the email information when attempting to sign the CLA in DocuSign.

Expected behavior

We need to define what email key from the users table is used for DocuSign.
Gerrit: use lf_email as the signature is tied to the SSO (LFID) account of the contributor.
GitHub and GitLab: only use user_emails, since this key gets populated from GitHub and GitLab accounts automatically.

[lukaszgryglicki]

Just to confirm, on slack there was a 2nd part and make sure lf_email gets correctly updated which means updating user's lf_email when we have a "new" value for it.
I've implemented a PR yesterday that does everything described in this issue (1) and also (2) and make sure lf_email gets correctly updated.

Should I update #4936 and remove everything related to (2) or should we add (2) to this issue specs?

cc @mlehotskylf @jarias-lfx ?

[lukaszgryglicki]

Alternate PR: #4944, also see: https://linuxfoundation.slack.com/archives/C0697E1QHNG/p1773901758857539

[lukaszgryglicki]

This was closed: #4936, we decided to go with #4944.

[lukaszgryglicki]

This is deployed to dev - prod PR and then release will follow.