xauth_pam: mangling email addresses should be optional
xauth_pam takes the liberty of detecting email addresses submitted as usernames and stripping off everything from '@' on. This may be appropriate in some cases when authenticating against the system user database, but it's certainly not correct in the general case.
The attached diff adds the charon.plugins.xauth-pam.trim_email option, which can be used to turn this off. It defaults to TRUE for backwards compatibility.