
[BUG] CloudFoundryEnvironment: initialOrgManagers hardcodes origin to sap.ids #505

@Sim-Jar

Description

Tested with Provider Version
v1.6.1

Problem

When creating a CloudFoundryEnvironment, the initialOrgManagers field accepts only email addresses ([]string) without the ability to specify an Identity Provider origin per manager. The controller hardcodes the origin to sap.ids when adding Org Managers via the Cloud Foundry API:

// internal/clients/cfenvironment/cfenvironment.go
const defaultOrigin = "sap.ids"

for _, managerEmail := range cr.Spec.ForProvider.Managers {
    cloudFoundryClient.addManager(ctx, managerEmail, defaultOrigin)
}

This means users from a custom Identity Provider (e.g. a custom IAS tenant) cannot be added as CF Org Managers during environment creation. The CF API call CreateOrganizationRoleWithUsername always receives sap.ids as the origin, regardless of the user's actual IdP.

Notably, the User type defined in apis/environment/v1alpha1/cfenvironment_types.go already includes an Origin field and is used in the observation/status (CfEnvironmentObservation.Managers []User), but the spec uses []string instead of []User.

To Reproduce

  1. Create a CloudFoundryEnvironment CR with a user from a custom IdP in spec.forProvider.initialOrgManagers
  2. The controller calls the CF API with origin: sap.ids instead of the user's actual IdP origin
  3. The user is either not found or assigned under the wrong identity

Expected behavior
Users from custom Identity Providers should be assignable as CF Org Managers. The initialOrgManagers field should support specifying the IdP origin per user, for example by using the existing User type (with username and origin fields) instead of plain strings.
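The following Go snippet is an added illustration, not code from the provider's repository, of the two behaviours the Problem and Expected behavior sections describe: the current loop that submits every manager under the hardcoded sap.ids origin, next to the proposed form that carries a per-user origin and only falls back to the default when the spec leaves it empty. The User struct, the fake CF client, the function names and the sample origin value are assumptions made for this example; the real fix might resolve the origin via a SCIM lookup, as the TODO in the code base suggests, which this example does not do.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

// User mirrors the shape the issue describes for the existing User type
// (username plus identity-provider origin). Field names are an assumption
// for this example, not the provider's actual definitions.
type User struct {
	Username string
	Origin   string
}

// RoleAssignment records one org-manager role call as a fake CF client sees it.
type RoleAssignment struct {
	Username string
	Origin   string
}

// fakeCFClient stands in for the Cloud Foundry client; it only records the
// origin each manager was submitted with, so the difference is observable.
type fakeCFClient struct {
	assignments []RoleAssignment
}

func (c *fakeCFClient) addManager(_ context.Context, username, origin string) error {
	if username == "" || origin == "" {
		return errors.New("username and origin are required")
	}
	c.assignments = append(c.assignments, RoleAssignment{Username: username, Origin: origin})
	return nil
}

const defaultOrigin = "sap.ids"

// addManagersHardcoded reproduces the reported behaviour: the spec carries only
// e-mail strings, so every manager is submitted under sap.ids.
func addManagersHardcoded(ctx context.Context, c *fakeCFClient, emails []string) error {
	for _, email := range emails {
		if err := c.addManager(ctx, email, defaultOrigin); err != nil {
			return err
		}
	}
	return nil
}

// resolveOrigin is the proposed behaviour: honour a per-user origin and fall
// back to the default only when the spec leaves it empty.
func resolveOrigin(u User) string {
	if u.Origin != "" {
		return u.Origin
	}
	return defaultOrigin
}

// addManagersWithOrigin submits each manager with its own IdP origin.
func addManagersWithOrigin(ctx context.Context, c *fakeCFClient, managers []User) error {
	for _, m := range managers {
		if err := c.addManager(ctx, m.Username, resolveOrigin(m)); err != nil {
			return fmt.Errorf("adding manager %q: %w", m.Username, err)
		}
	}
	return nil
}

// OriginsFor runs both code paths over the same constructed input and returns
// the origin each path submitted for that user.
func OriginsFor(username, customOrigin string) (hardcoded, perUser string, err error) {
	ctx := context.Background()
	before := &fakeCFClient{}
	if err = addManagersHardcoded(ctx, before, []string{username}); err != nil {
		return "", "", err
	}
	after := &fakeCFClient{}
	if err = addManagersWithOrigin(ctx, after, []User{{Username: username, Origin: customOrigin}}); err != nil {
		return "", "", err
	}
	return before.assignments[0].Origin, after.assignments[0].Origin, nil
}

func main() {
	// Constructed sample: a user from a custom IAS tenant (origin value is made up).
	h, p, err := OriginsFor("jane.doe@example.com", "my-ias-tenant")
	if err != nil {
		panic(err)
	}
	fmt.Printf("hardcoded path submits origin %q, per-user path submits %q\n", h, p)
}
```

Running it shows the hardcoded path submitting sap.ids for the custom-IdP user while the per-user path submits the tenant's own origin; a user with an empty origin still lands on sap.ids in both paths, which keeps existing CRs that only list e-mail addresses working unchanged.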

Impact

In setups where a custom Identity Provider is used, no users from that IdP can be added as CF Org Managers during CloudFoundryEnvironment creation.

Additional context
The codebase already contains a User struct with an Origin field and a TODO comment suggesting this should be addressed:

// todo: default origin to "sap.ids", replace this with scim lookup

Metadata

Labels: priority/low (Feature needs improvement, not urgent)

Status: In Review

Milestone: No milestone

Development: No branches or pull requests