fix: faq (ory#2101)

This patch 
- moves the FAQ to the Debug & Help section
- renames it to Tips & Troubleshooting
- moves many of the questions to documents where they fit better, reformatted and with added information where needed.
- also some other spelling/format fixes

See also ory/docusaurus-template#87

docs/docs/concepts/email-sms.md

@@ -102,7 +102,10 @@ indicate where your custom templates are located. This will become the
 `email.subject.gotmpl`, `email.body.gotmpl` and `email.body.plaintext.gotmpl`
 are common template file names expected in the sub directories of the root
 directory, corresponding to the respective methods for filling e-mail subject
-and body.
+and body. Both plain text and HTML templates are required. The courier uses them
+as
+[alternatives](https://github.com/ory/kratos/blob/master/courier/courier.go#L205)
+for fallback.
 
 > Templates use the golang template engine in the `text/template` package for
 > rendering the `email.subject.gotmpl` and `email.body.plaintext.gotmpl`

docs/docs/concepts/identity-schema.mdx

@@ -172,16 +172,22 @@ switch (session.Identity.SchemaID) {
 }
 ```
 
+### Sensitive Data in Identity Schema
+
 :::warning
 
-Please keep in mind that the Identity Schema is not a place to store sensitive
-information that should not be visible to the end-user! Users can see traits and
-other data - except credentials - using the `sessions/whoami` endpoint. The
-Identity Schema is not the right place to store data that should be obfuscated
-from the user!
+The Identity Schema is not a place to store sensitive information that should
+not be visible to the end-user!
 
 :::
 
+The Identity Schema is not the right place to store data that should be
+obfuscated from the user! Users can see traits and other data - except
+credentials - using the `sessions/whoami` endpoint. Users are also able to edit
+identity traits. Visit [this issue](https://github.com/ory/kratos/issues/47) for
+information on a feature that can be configured to prevent the end-user from
+viewing/editing identity traits.
+
 ## Identity Schema Vocabulary Extensions
 
 Because Ory Kratos does not know that a particular field has a system-relevant
@@ -319,3 +325,14 @@ contains more information and examples.
 
 There are currently no other extensions supported for Identity Traits. Further
 fields will be added in future releases!
+
+### Sanitize Usernames/Traits
+
+To make sure usernames (or traits) satisfy a specific regex (for example only
+alphanumeric characters), they can be sanitized. To sanitize usernames add
+[Regular Expressions](https://json-schema.org/understanding-json-schema/reference/string.html#regular-expressions)
+to the Ory Kratos Identity Schema. To sanitize usernames coming from third-party
+OIDC providers like
+[Google or GitHub](https://www.ory.sh/kratos/docs/next/guides/sign-in-with-github-google-facebook-linkedin)
+write [Jsonnet](https://jsonnet.org). Learn more about
+[Data Mapping with Jsonnet](../reference/jsonnet/).

docs/docs/debug/troubleshooting.md

@@ -0,0 +1,43 @@
+---
+id: troubleshooting
+title: Tips & Troubleshooting
+---
+
+:::info
+
+Please add your troubleshooting tricks and other tips to this document, You can
+either open a [discussion](https://github.com/ory/kratos/discussions) and ping
+`@ory/documenters` or
+[edit the page directly](https://github.com/ory/kratos/edit/master/docs/docs/debug/troubleshooting.md).
+
+:::
+
+### How can I separate customers/employee data, but have them use the same login dialog?
+
+> We want to separate our customers and employees, so we store them in different
+> databases. But we would like to have them use the same login dialog for our
+> portal.
+
+You can deploy Ory Kratos two times, and use the same login UI pointing to two
+different Kratos login endpoints - `/login/customer` or `/login/employee`,
+either by having two different login routes, or by adding some logic to your
+login UI that reroutes customers to `/login/customer` and employees to
+`/login/employee`. So you define the same login or registration UI URLs in both
+of the Kratos configurations. You may need to tell your login/registration UI
+which Kratos it is supposed to talk to. The instances are cheap to deploy and
+the databases are completely isolated from each other. For example something
+like `/login/customer` and `/login/employee`.
+
+### How can I verify in advance if a username is available during registration?
+
+You can not right now. It would allow account enumeration attacks. See also the
+[section in the documentation](https://www.ory.sh/kratos/docs/concepts/security/#account-enumeration).
+
+### Do have plans to support automatic user migration scenarios?
+
+> E.g. configure a callback to the legacy system when you cannot find the
+> corresponding user, and store the identity on successful legacy system
+> response.
+
+An alternative to callback and custom code is fronting the legacy system with
+Ory Hydra (OAuth2/OIDC Server) and then using that as an upstream in Ory Kratos.