Use Identity Store UserStatus field for SSO user status

[c1-dev-bot]

Summary

• Check the UserStatus field from the AWS Identity Store API before falling back to SCIM for user status
• Upgrades identitystore SDK from v1.25.4 to v1.36.1 to access the new UserStatus field (added Nov 6, 2025)
• Fixes status visibility for Identity Centre Directory users where SCIM is unavailable
• Reduces per-user SCIM API calls when status is already available from the Identity Store API

Changes

pkg/connector/sso_user.go: Modified the user listing loop to check user.UserStatus from the Identity Store API first via a switch statement. Only falls back to the SCIM getUserStatus() call when the Identity Store API doesn't provide a status (empty/unknown value).

go.mod / vendor/: Upgraded github.com/aws/aws-sdk-go-v2/service/identitystore from v1.25.4 to v1.36.1 to get access to UserStatus field and UserStatusEnabled/UserStatusDisabled constants on the types.User struct.

Automated PR Notice

This PR was automatically created by c1-dev-bot as a potential implementation.

This code requires:

• Human review of the implementation approach
• Manual testing to verify correctness
• Approval from the appropriate team before merging

Test plan

• Verify build passes (go build ./...)
• Verify tests pass (go test ./...)
• Test with an Identity Centre Directory user that has UserStatus: ENABLED
• Test with an Identity Centre Directory user that has UserStatus: DISABLED
• Test with a user where UserStatus is empty (should fall back to SCIM)
• Test with SCIM disabled and UserStatus empty (should return STATUS_UNSPECIFIED)

Resolves EPD-1531

[linear]

EPD-1531 baton-aws doesn't use UserStatus field for Identity Center users