
fix(vk): tolerate accounts without email (#338) #641

Open
yabanci wants to merge 1 commit into markbates:master from yabanci:fix/vk-empty-email


@yabanci yabanci commented May 17, 2026

What

Closes #338.

VK's OAuth2 token endpoint omits the top-level email field when the user has no email in their VK profile (VK has allowed registration without email since ~2018). The current code treats this as a fatal error:

```go
email, ok := token.Extra("email").(string)
if !ok {
    return "", errors.New("Cannot fetch user email")
}
```

…which means accounts without an email can't complete OAuth at all.

Change

Make email optional in providers/vk/session.go:

```go
if email, ok := token.Extra("email").(string); ok {
    s.email = email
}
```

  • Accounts with email: unchanged — Session.email is populated and propagated to goth.User.Email.
  • Accounts without email: no longer fail; goth.User.Email is empty, matching the contract already used by providers like Twitter where email is opt-in.

Backward compatibility

The original issue author (@nikita-vanyasin) wondered whether fixing this in-place would break existing users. In practice it cannot: the only callers affected are those that were already getting "Cannot fetch user email" and thus already broken. Callers that received an email continue to receive it.

If a downstream caller really needs to enforce an email, they can already do so by checking user.Email == "" after gothic.CompleteUserAuth — which is the standard pattern for optional-email providers.

Tests

Added providers/vk/authorize_internal_test.go with two subtests using httptest.Server to mock the token endpoint:

  • TestAuthorize_PopulatesEmailWhenPresent — happy path, regression-guards existing behaviour.
  • TestAuthorize_NoErrorWhenEmailMissing — fails on master, passes with this fix.

Verified locally: the new regression test fails when the patch is reverted and passes with it applied. Full go test ./... is green; go vet ./... is clean.

VK token endpoint omits the 'email' field when the user has no email
in their profile (VK has allowed this since ~2018). Treating it as a
hard requirement broke the entire login flow for those users.

Make email optional: if the token response includes it, populate the
session; otherwise leave Session.email empty and let the consumer
handle a goth.User without an email — same contract as providers like
Twitter where email is opt-in.
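
A downstream check of the kind the PR description mentions, as an added example (not code from goth or from this PR): `User` is a stand-in for the `Provider`, `UserID` and `Email` fields of `goth.User`, and `AccountKey`, `ContactEmail` and `ErrEmailRequired` are hypothetical names. It keys local accounts on provider plus provider user ID rather than on email, so users who arrive with an empty email are never matched to each other, and it rejects an empty email only where the application requires one.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// User is a stand-in for the goth.User fields used here, so the block runs without goth.
type User struct {
	Provider string
	UserID   string
	Email    string
}

// ErrEmailRequired is a hypothetical application error for flows that need an email.
var ErrEmailRequired = errors.New("provider returned no email")

// AccountKey derives the local account key from provider + provider user ID,
// never from Email, so two users with Email == "" cannot share one account.
func AccountKey(u User) (string, error) {
	if u.Provider == "" || u.UserID == "" {
		return "", errors.New("missing provider or user ID")
	}
	return u.Provider + ":" + u.UserID, nil
}

// ContactEmail returns the trimmed, lower-cased email, or ErrEmailRequired
// when the application demands one and the provider supplied none.
func ContactEmail(u User, required bool) (string, error) {
	email := strings.ToLower(strings.TrimSpace(u.Email))
	if email == "" && required {
		return "", ErrEmailRequired
	}
	return email, nil
}

func main() {
	// Constructed sample users: two VK accounts without email, one with.
	users := []User{
		{Provider: "vk", UserID: "1001"},
		{Provider: "vk", UserID: "1002"},
		{Provider: "vk", UserID: "1003", Email: " User@Example.com "},
	}
	for _, u := range users {
		key, _ := AccountKey(u)
		email, err := ContactEmail(u, true)
		fmt.Printf("%s email=%q err=%v\n", key, email, err)
	}
}
```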
Development

Successfully merging this pull request may close these issues.

VK provider returns error for users with empty 'email' field