feat: unify admin identity — SAAS_ADMIN_USER is the email in SaaS mode

Move deployment mode question before admin credentials so the installer
can validate email format in SaaS mode. Remove separate SAAS_ADMIN_EMAIL
— the admin user value IS the email address. In standalone mode, any
username is still accepted.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

templates/.env.example

@@ -50,11 +50,10 @@ CLICKHOUSE_PASSWORD=CHANGE_ME
 # ============================================================
 # Admin credentials (SaaS mode)
 # ============================================================
-# Email is the primary user identity in SaaS mode. The admin email
-# defaults to <SAAS_ADMIN_USER>@<PUBLIC_HOST> if not set explicitly.
-SAAS_ADMIN_USER=admin
+# In SaaS mode, this must be an email address (primary user identity).
+# In standalone mode, any username is accepted.
+SAAS_ADMIN_USER=admin@example.com
 SAAS_ADMIN_PASS=CHANGE_ME
-# SAAS_ADMIN_EMAIL=admin@example.com
 
 # ============================================================
 # Admin credentials (standalone mode)

templates/docker-compose.saas.yml

@@ -27,7 +27,6 @@ services:
       PG_DB_SAAS: cameleer_saas
       SAAS_ADMIN_USER: ${SAAS_ADMIN_USER:-admin}
       SAAS_ADMIN_PASS: ${SAAS_ADMIN_PASS:?SAAS_ADMIN_PASS must be set in .env}
-      SAAS_ADMIN_EMAIL: ${SAAS_ADMIN_EMAIL:-}
     extra_hosts:
       # Logto validates M2M tokens by fetching its own JWKS from ENDPOINT.
       # Route the public hostname back to the Docker host (Traefik on :443)