Consider updating user/object regex validation #188

@miparnisari

Here:

```proto
string user = 1 [
  (google.api.field_behavior) = REQUIRED,
  (validate.rules).string = {pattern: "^[^\\s]{2,512}$"},
  (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
    max_length: 512
    example: "\"user:anne\""
  }
];
string relation = 2 [
  (google.api.field_behavior) = REQUIRED,
  (validate.rules).string = {pattern: "^[^:#@\\s]{1,50}$"},
  (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
    max_length: 50
    example: "\"reader\""
  }
];
string object = 3 [
  (google.api.field_behavior) = REQUIRED,
  (validate.rules).string = {pattern: "^[^\\s]{2,256}$"},
  (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
    max_length: 256
    example: "\"document:2021-budget\""
  }
];
```

the regexes are not checking for character length or many characters that are likely invalid such as Unicode control characters like U+0000 (null).

Originally posted by @senojj in openfga/openfga#1825 (comment)
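An added example, not code from this issue or from OpenFGA: it runs the `user` pattern quoted above against constructed inputs to show which control, format and non-ASCII whitespace characters it lets through, next to a tighter check. It assumes the pattern is evaluated by Go's `regexp` package (RE2 syntax, where `\s` covers ASCII whitespace only); `strictUser` and the sample values are hypothetical.

```go
package main

import (
	"fmt"
	"regexp"
	"unicode"
	"unicode/utf8"
)

// Pattern copied from the `user` field quoted in the issue.
var userPattern = regexp.MustCompile(`^[^\s]{2,512}$`)

// strictUser is a hypothetical tighter check (not OpenFGA code): same
// length bounds in code points, but it also rejects invalid UTF-8, control
// characters (Cc), format characters (Cf) and all Unicode whitespace.
func strictUser(s string) bool {
	if !utf8.ValidString(s) {
		return false
	}
	if n := utf8.RuneCountInString(s); n < 2 || n > 512 {
		return false
	}
	for _, r := range s {
		if unicode.IsControl(r) || unicode.Is(unicode.Cf, r) || unicode.IsSpace(r) {
			return false
		}
	}
	return true
}

// Constructed sample inputs, one per character class of interest.
var samples = []string{
	"user:anne",
	"user:an ne",      // ASCII space: the only case the pattern rejects
	"user:an\x00ne",   // U+0000 NULL
	"user:an\u001bne", // U+001B ESCAPE
	"user:an\u200bne", // U+200B ZERO WIDTH SPACE (category Cf)
	"user:an\u00a0ne", // U+00A0 NO-BREAK SPACE (not matched by RE2 \s)
}

func main() {
	for _, s := range samples {
		fmt.Printf("%-20q current=%-5v strict=%v\n",
			s, userPattern.MatchString(s), strictUser(s))
	}
}
```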
