feat(medusa,utils,core-flows): add reset password metdata (#14417)

## Summary

**What**

Adds metadata field for reset password route that allows passing data from caller that can be found in the subscriber. 

## Checklist

Please ensure the following before requesting a review:

- [x] I have added a **changeset** for this PR
    - Every non-breaking change should be marked as a **patch**
    - To add a changeset, run `yarn changeset` and follow the prompts
- [x] The changes are covered by relevant **tests**
- [x] I have verified the code works as intended locally
- [ ] I have linked the related issue(s) if applicable


---

> [!NOTE]
> Introduces optional request `metadata` for reset-password and propagates it through to event subscribers.
> 
> - Accepts `metadata` in `ResetPasswordRequest` validator and `reset-password` route; forwards it to `generateResetPasswordTokenWorkflow`
> - Workflow now accepts `metadata` and includes it in emitted `auth.password_reset` event data
> - Updates event docs to mention `metadata` field
> - Adds integration test verifying `metadata` is emitted in the password reset event
> 
> <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 7f9855feabed284336e8872eebfb18fe3bd320db. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup>

packages/core/core-flows/src/auth/workflows/generate-reset-password-token.ts

@@ -1,3 +1,4 @@
+import type { ProjectConfigOptions } from "@medusajs/framework/types"
 import {
   AuthWorkflowEvents,
   generateJwtToken,
@@ -9,7 +10,6 @@ import {
   WorkflowResponse,
 } from "@medusajs/framework/workflows-sdk"
 import { emitEventStep, useRemoteQueryStep } from "../../common"
-import type { ProjectConfigOptions } from "@medusajs/framework/types"
 
 /**
  * This workflow generates a reset password token for a user. It's used by the
@@ -48,6 +48,7 @@ export const generateResetPasswordTokenWorkflow = createWorkflow(
     provider: string
     secret: ProjectConfigOptions["http"]["jwtSecret"]
     jwtOptions?: ProjectConfigOptions["http"]["jwtOptions"]
+    metadata?: Record<string, unknown>
   }) => {
     const providerIdentities = useRemoteQueryStep({
       entry_point: "provider_identity",
@@ -95,6 +96,7 @@ export const generateResetPasswordTokenWorkflow = createWorkflow(
         entity_id: input.entityId,
         actor_type: input.actorType,
         token,
+        metadata: input.metadata ?? {},
       },
     })
 

packages/core/utils/src/core-flows/events.ts

@@ -51,7 +51,7 @@ export const CartWorkflowEvents = {
 
   /**
    * Emitted when the customer in the cart is transferred.
-   * 
+   *
    * @since 2.8.0
    *
    * @eventPayload
@@ -365,6 +365,7 @@ export const AuthWorkflowEvents = {
    *   entity_id, // The identifier of the user or customer. For example, an email address.
    *   actor_type, // The type of actor. For example, "customer", "user", or custom.
    *   token, // The generated token.
+   *   metadata, // Optional custom metadata passed from the request.
    * }
    * ```
    */
@@ -937,7 +938,7 @@ export const PaymentEvents = {
 export const TranslationWorkflowEvents = {
   /**
    * Emitted when translations are created.
-   * 
+   *
    * @since 2.12.3
    * @featureFlag translation
    * @eventPayload
@@ -974,4 +975,4 @@ export const TranslationWorkflowEvents = {
    * ```
    */
   DELETED: "translation.deleted",
-}
+}