DefaultRestSearchService.userSearch(String, Integer) should query the database instead of the search index

The fix for CONF-22553 prevents the user search failing if usernames have been retrieved from the search index which don't exist in an Embedded Crowd directory (cache, cwd_user) anymore.

The bug manifests as

java.lang.NullPointerException
	at com.atlassian.confluence.plugins.rest.entities.builders.PersonalInformationContentEntityBuilder.setThumbnailLink(PersonalInformationContentEntityBuilder.java:47)
	at com.atlassian.confluence.plugins.rest.entities.builders.PersonalInformationContentEntityBuilder.setUserProperties(PersonalInformationContentEntityBuilder.java:91)
	at com.atlassian.confluence.plugins.rest.entities.builders.PersonalInformationContentEntityBuilder.build(PersonalInformationContentEntityBuilder.java:84)
	at com.atlassian.confluence.plugins.rest.service.DefaultRestSearchService.toSearchResultEntity(DefaultRestSearchService.java:218)
	at com.atlassian.confluence.plugins.rest.service.DefaultRestSearchService.makeSearchResultsEntityList(DefaultRestSearchService.java:190)
	at com.atlassian.confluence.plugins.rest.service.DefaultRestSearchService.userSearch(DefaultRestSearchService.java:61)
	at com.atlassian.confluence.plugins.rest.resources.SearchService.doUserSearch(SearchService.java:187)

and was caused by CONF-25470.

The fix was to put the following check into com.atlassian.confluence.plugins.rest.entities.builders.PersonalInformationContentEntityBuilder.setThumbnailLink(ContentEntity, String):

        User user = userAccessor.getUser(username);
        if (user == null)
        {
            user = new UnknownUser(username);
        }
        contentEntity.setTitle(user.getFullName());

This approach is unsatisfactory, as it will return users which are irrelevant for the search (see unknown-user.png).

One does not want to share a page with a non-existent user, and also not with a user who does not have use permission (unless you want him to send an invite URL).

Imo we should not perform a search for users in that context on the search index. The point being is that the database is the source of truth, and the index could potentially be out of sync anyway. For a user search, the relevant columns are lower_user_name, lower_display_name, lower_email_address, lower_first_name and lower_last_name in the cwd_user table. All of these columns have indices (see cwd_user-indices.png). This information should probably be joined/scoped to users who have use permission for Confluence and view permission for the page to share in question (probably better to select them as well but tell the reason why sharing a page with them would not make sense).