Domain aliases must be explicitly listed in autogroups

When a tailnet uses domain aliases, autogroups like `user:*@example.com` will not automatically include users from aliased domains. For example, if `example.io` is aliased to `example.com`, users logging in as `@example.io` will not match `user:*@example.com`.

For tailnets with domain aliases, explicitly specify each aliased domain in ACL autogroups. If `example.io` is aliased to `example.com` and both should be included, use both `user:*@example.com` and `user:*@example.io` in the policy file.