This repository was archived by the owner on Sep 24, 2018. It is now read-only.

Email format sanitization in validate_schema_property #1912

@wpsmith


So if we have this property:

'author_email'     => array(
    'description'  => 'Email address for the object author.',
    'type'         => 'string',
    'format'       => 'email',
    'context'      => array( 'edit' ),
),

The validate_callback (cf. WP_REST_Controller::validate_schema_property) checks to see if the value passes is_email, which is good.

The sanitize_callback (cf. WP_REST_Controller::sanitize_schema_property) executes sanitize_email on the value (possibly twice). Essentially (the logic here is), if the email value returns ok from sanitize_email and sanitize_email does not return an empty string, sanitize it again and return the doubly sanitized email. Else, if it returns an empty string (due to failing min length, missing @, or missing domain), sanitize_schema_property allows the value to still pass as sanitized via sanitize_text_field. The code notes that it really doesn't care if the value passes sanitize_email because it is "lossy". If that is the case, then why not just allow the validate_schema_property use of is_email to do the sanitization work and only return the value through sanitize_text_field in sanitize_schema_property?
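
The branch structure described in the issue above, as an added sketch that is not part of the original issue or of the WP-API code base. The `demo_*` functions are simplified stand-ins (assumptions) for `sanitize_email` and `sanitize_text_field` that model only the failure causes the post names, and the sample values are constructed.

```php
<?php
// Simplified stand-in (assumption) for sanitize_email(): models only the
// failure causes named in the issue (min length, missing @, missing domain)
// plus lossy stripping of characters outside a reduced allowed set.
function demo_sanitize_email( $email ) {
    $email = trim( $email );
    if ( strlen( $email ) < 6 ) {
        return '';                               // fails minimum length
    }
    $at = strpos( $email, '@', 1 );
    if ( false === $at ) {
        return '';                               // no @ after the first character
    }
    $local  = preg_replace( '/[^a-zA-Z0-9._+-]/', '', substr( $email, 0, $at ) );
    $domain = preg_replace( '/[^a-zA-Z0-9.-]/', '', substr( $email, $at + 1 ) );
    if ( '' === $local || false === strpos( $domain, '.' ) ) {
        return '';                               // empty local part or no dotted domain
    }
    return $local . '@' . $domain;               // lossy: stripped characters are gone
}

// Simplified stand-in (assumption) for sanitize_text_field():
// strips tags and collapses whitespace only.
function demo_sanitize_text_field( $value ) {
    return trim( preg_replace( '/\s+/', ' ', strip_tags( $value ) ) );
}

// Branches described in the issue for a property with 'format' => 'email'.
function demo_sanitize_email_property( $value ) {
    if ( demo_sanitize_email( $value ) ) {
        return demo_sanitize_email( $value );    // called a second time for the return value
    }
    return demo_sanitize_text_field( $value );   // empty result: fall back to plain text
}

// Constructed sample values, one per branch of interest.
$samples = array(
    'author@example.com',      // unchanged by the email branch
    'au thor@exa mple.com',    // email branch silently rewrites the value
    'not-an-email',            // falls through and is returned as text
    '<b>a@b</b>',              // falls through; only the tags are stripped
);
foreach ( $samples as $value ) {
    printf( "%-26s => %s\n", var_export( $value, true ), var_export( demo_sanitize_email_property( $value ), true ) );
}
```

The third and fourth samples show that the sanitize step alone returns non-email strings, so rejecting them depends entirely on the `is_email` check in the validate callback.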
