[PM-30563] Change error response on Send Access token request (#6911)

* feat: remove invalid email response and instead return email and OTP required to protect against enumeration attacks.

* fix: fixing tests and dotnet format

test/Identity.IntegrationTest/RequestValidation/SendAccess/SendEmailOtpReqestValidatorIntegrationTests.cs

@@ -85,7 +85,7 @@ public class SendEmailOtpRequestValidatorIntegrationTests(IdentityApplicationFac
         // Assert
         var content = await response.Content.ReadAsStringAsync();
         Assert.Contains(OidcConstants.TokenErrors.InvalidRequest, content);
-        Assert.Contains("email otp sent", content);
+        Assert.Contains("email and otp are required", content);
     }
 
     [Fact]

test/Identity.IntegrationTest/RequestValidation/SendAccess/SendNeverAuthenticateRequestValidatorTest.cs

@@ -63,7 +63,7 @@ public class SendNeverAuthenticateRequestValidatorIntegrationTests(
     }
 
     [Fact]
-    public async Task SendAccess_NeverAuthenticateSend_WithEmail_ReturnsEmailInvalid()
+    public async Task SendAccess_NeverAuthenticateSend_WithEmail_ReturnsEmailAndOtpRequired()
     {
         // Arrange
         var email = "test@example.com";
@@ -77,10 +77,10 @@ public class SendNeverAuthenticateRequestValidatorIntegrationTests(
         var content = await response.Content.ReadAsStringAsync();
 
         // should be invalid grant
-        Assert.Contains(OidcConstants.TokenErrors.InvalidGrant, content);
+        Assert.Contains(OidcConstants.TokenErrors.InvalidRequest, content);
 
         // Try to compel the invalid email error
-        var expectedError = SendAccessConstants.EmailOtpValidatorResults.EmailInvalid;
+        var expectedError = SendAccessConstants.EmailOtpValidatorResults.EmailAndOtpRequired;
         Assert.Contains(expectedError, content);
     }