Do not allow a standalone * as an ID #303

Open
rhamzeh opened this issue Jul 29, 2024 · 0 comments
Labels
enhancement New feature or request needs discussion

Comments

@rhamzeh
Member

rhamzeh commented Jul 29, 2024

As part of the new validation functions, object uses the object and the type + id rules; user uses: object, or object + relation, or type + id.

See: https://github.com/openfga/language/blob/main/pkg/js/validator/validate-rules.ts

For DX reasons, because user:* has a very specific interpretation when used as a user, we should not allow objects to be user:* (user:an*ne and user:*anne* should still be allowed). Allowing them leads to confusion and causes some users to mistakenly think that the below means anne will have access to all documents:

- user: user:anne
  relation: viewer
  object: document:*

One way of doing this is by changing this ID regex from:

    [^#:\\s]+

to

    (?=[^\\*])[^#:\\s]+

but other methods are also OK.

The result should be that calling ValidateObject('user:*') or ValidateUser('team:*#member') should fail but ValidateUser('user:*') should succeed

Note that the OpenFGA API currently allows user:* and document:* as an object, and this would be a breaking change.

We should raise this with the server team as well as with the community to ensure that their use-cases are still being met (in case anyone is using <type>:* as an object).
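The following is an added example written for this page; it is not the openfga/language validator and does not reproduce its rules. It implements the outcome the issue asks for: an object ID that is exactly `*` is rejected, IDs that merely contain `*` (such as `an*ne` or `*anne*`) are still accepted, `user:*` remains a valid user, and `team:*#member` is rejected because its object part is a standalone wildcard. The function names `validateObject`, `validateUser`, `validateTuple`, and the type and relation name rules are assumptions made for the illustration.

```typescript
// Added example, not the openfga/language validator. The helper names and the
// type/relation rules below are assumptions made for this illustration.

// Type and relation names: assumed to be non-empty and free of ':', '#', and whitespace.
const TYPE_RULE = /^[^#:\s]+$/;
const RELATION_RULE = /^[^#:\s]+$/;

// IDs: the existing rule is [^#:\s]+ . The anchored negative lookahead (?!\*$)
// rejects only an ID that is exactly "*"; "an*ne" and "*anne*" still pass.
const ID_RULE = /^(?!\*$)[^#:\s]+$/;

interface TypedId { type: string; id: string }
interface TupleKey { user: string; relation: string; object: string }

// Split "type:id" at the first ':'. A missing ':' means the string is not a typed ID.
function parseTypedId(s: string): TypedId | null {
  const sep = s.indexOf(':');
  if (sep < 0) return null;
  return { type: s.slice(0, sep), id: s.slice(sep + 1) };
}

// Object: type + id, where the id may not be a standalone "*".
function validateObject(s: string): boolean {
  const parsed = parseTypedId(s);
  return parsed !== null && TYPE_RULE.test(parsed.type) && ID_RULE.test(parsed.id);
}

// User: a typed wildcard ("user:*"), an object ("user:anne"), or an
// object#relation userset ("team:eng#member"). The object part of a userset
// goes through validateObject, so "team:*#member" is rejected.
function validateUser(s: string): boolean {
  const hash = s.indexOf('#');
  if (hash >= 0) {
    const object = s.slice(0, hash);
    const relation = s.slice(hash + 1);
    return validateObject(object) && RELATION_RULE.test(relation);
  }
  const parsed = parseTypedId(s);
  if (parsed === null || !TYPE_RULE.test(parsed.type)) return false;
  return parsed.id === '*' || ID_RULE.test(parsed.id);
}

// Whole tuple key: the issue's example (user:anne viewer document:*) fails here
// because "document:*" is not accepted as an object.
function validateTuple(t: TupleKey): boolean {
  return validateUser(t.user) && RELATION_RULE.test(t.relation) && validateObject(t.object);
}

// Constructed sample inputs for a stand-alone run.
const samples: TupleKey[] = [
  { user: 'user:anne', relation: 'viewer', object: 'document:*' },      // rejected
  { user: 'user:*', relation: 'viewer', object: 'document:readme' },    // accepted
  { user: 'team:*#member', relation: 'viewer', object: 'document:readme' }, // rejected
  { user: 'user:*anne*', relation: 'viewer', object: 'document:an*ne' }, // accepted
];
for (const t of samples) {
  console.log(`${t.user} ${t.relation} ${t.object} -> ${validateTuple(t) ? 'valid' : 'invalid'}`);
}
```

The lookahead is anchored on the end of the string rather than only on the first character, so the check rejects exactly the bare wildcard and nothing else; a lookahead that only inspects the first character would also reject IDs that happen to begin with `*`.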

Projects
Status: Backlog
Development

No branches or pull requests

1 participant