User tokens not migrated if LDAP user ID case does not match login case

User token lookups in Nexus 3 from user ID to token are done using a case sensitive match.  This causes a problem after upgrading from Nexus 2.x to 3.x because Nexus 2.x uses the case a user logs in with when creating a token, and Nexus 3 uses the case of the ID stored in the LDAP server.

Reproduce steps:

1. Create an upper case LDAP user ID in an LDAP system.
2. Map this user into roles in Nexus 2.x that allow access to user tokens
3. Enable user token access in Nexus 2.x
4. Log in as the LDAP user using a lower case login ID, and access the user token
5. Upgrade to Nexus 3.4.0
6. Log in as the LDAP user using a lower case login ID, and access the user token

You will see that the token in Nexus 3 does not match the one in Nexus 2.

Notes

• LDAP user IDs are not case sensitive. This should be preserved in NXRM 3's behavior.
• This will likely require an upgrade step that cleans up duplicate user tokens that only differ by case.

• This problem may also affect default realm user ids.