Implement Username Remapping from idToken & Enforce Uppercase Group Names in OAuth2 Filter

[afabiani]

We need to enhance our OAuth2 authentication filter with two new features to improve consistency and flexibility when processing identity tokens:

1. Username Remapping:

   • When a valid idToken is provided that contains both a principal claim and a unique username claim, the filter should remap the incoming username (extracted from the principal claim) to the unique username.
   • This helps us ensure that users are created or looked up using a consistent unique identifier.

2. Uppercase Group Names:

   • Introduce a new configuration parameter, groupNamesUppercase, which, when enabled, forces group names obtained from token claims to be stored and looked up in uppercase.
   • This avoids case sensitivity issues and duplicate groups (e.g., "admin" vs. "ADMIN").

Acceptance Criteria:

• The OAuth2 filter must decode and validate the idToken only once and use that for remapping.
• When groupNamesUppercase is set to true, groups from token claims should be normalized (converted to uppercase) before lookup or insertion.
• Unit tests must cover:
  • The username remapping functionality.
  • The correct lookup, creation, and assignment of groups with uppercase names.
• Documentation is updated with new configuration parameters and usage instructions.