Federated users should be updated by their federated user ID

For example, Twitter (X) users can change their email and their fedUser.UserID should be used to query and update their info, instead of creating a new user.

In the worst case, this can be a security issue. The user may have used an email alias to register with the ID provider, and someone else took over that alias after the original owner thought they had updated all platforms registered with it.

It would be nice for the custom SSO payload to also have an optional field for the federated user ID.
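
The lookup requested above, as an added example that is not part of the original issue or the project's code: the user is resolved by (provider, federated user ID), the stored email is refreshed on login, and an unknown federated ID presenting an email already held by another account is refused instead of being merged into it. `FedIdentity`, `Store`, `Resolve` and `ErrEmailInUse` are hypothetical names, and the sample identity is constructed.

```go
package main

import (
	"errors"
	"fmt"
)

// FedIdentity is the login assertion from an identity provider (hypothetical shape).
type FedIdentity struct{ Provider, UserID, Email string }

type User struct {
	ID    int
	Email string
}

// Store is an in-memory stand-in for a user table plus a federated-link table.
type Store struct {
	users map[int]*User
	links map[FedIdentity]int // key carries Provider and UserID only; Email stays empty
}

var ErrEmailInUse = errors.New("email belongs to another account; not auto-linking")

func NewStore() *Store {
	return &Store{users: map[int]*User{}, links: map[FedIdentity]int{}}
}

// Resolve looks the user up by (provider, federated user ID), never by email.
func (s *Store) Resolve(in FedIdentity) (*User, error) {
	if in.Provider == "" || in.UserID == "" {
		return nil, errors.New("missing federated user ID")
	}
	key := FedIdentity{Provider: in.Provider, UserID: in.UserID}
	if id, ok := s.links[key]; ok {
		s.users[id].Email = in.Email // known identity: refresh the mutable email
		return s.users[id], nil
	}
	for _, u := range s.users {
		if u.Email == in.Email { // unknown identity reusing a known email
			return nil, ErrEmailInUse
		}
	}
	u := &User{ID: len(s.users) + 1, Email: in.Email}
	s.users[u.ID], s.links[key] = u, u.ID
	return u, nil
}

func main() {
	fmt.Println(NewStore().Resolve(FedIdentity{"twitter", "1001", "old@example.com"})) // constructed sample
}
```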