fix: include dormant users in template acl query (#14461)

The issue is that if you add a user and then immediately go to give them
permissions, you can add them but they will not show up in the UI.  They
also do not show up in the audit log entry.

enterprise/coderd/templates_test.go

@@ -1025,6 +1025,46 @@ func TestTemplateACL(t *testing.T) {
 		require.Len(t, acl.Users, 0, "deleted users should be filtered")
 	})
 
+	// Test that we do not filter dormant users.
+	t.Run("IncludeDormantUsers", func(t *testing.T) {
+		t.Parallel()
+
+		client, user := coderdenttest.New(t, &coderdenttest.Options{LicenseOptions: &coderdenttest.LicenseOptions{
+			Features: license.Features{
+				codersdk.FeatureTemplateRBAC: 1,
+			},
+		}})
+		anotherClient, _ := coderdtest.CreateAnotherUser(t, client, user.OrganizationID, rbac.RoleTemplateAdmin(), rbac.RoleUserAdmin())
+
+		ctx := testutil.Context(t, testutil.WaitLong)
+
+		// nolint:gocritic // Must use owner to create user.
+		user1, err := client.CreateUserWithOrgs(ctx, codersdk.CreateUserRequestWithOrgs{
+			Email:           "coder@coder.com",
+			Username:        "coder",
+			Password:        "SomeStrongPassword!",
+			OrganizationIDs: []uuid.UUID{user.OrganizationID},
+		})
+		require.NoError(t, err)
+		require.Equal(t, codersdk.UserStatusDormant, user1.Status)
+		version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, nil)
+		template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID)
+
+		err = anotherClient.UpdateTemplateACL(ctx, template.ID, codersdk.UpdateTemplateACL{
+			UserPerms: map[string]codersdk.TemplateRole{
+				user1.ID.String(): codersdk.TemplateRoleUse,
+			},
+		})
+		require.NoError(t, err)
+
+		acl, err := anotherClient.TemplateACL(ctx, template.ID)
+		require.NoError(t, err)
+		require.Contains(t, acl.Users, codersdk.TemplateUser{
+			User: user1,
+			Role: codersdk.TemplateRoleUse,
+		})
+	})
+
 	// Test that we do not return suspended users.
 	t.Run("FilterSuspendedUsers", func(t *testing.T) {
 		t.Parallel()