2LOi requests made from an application that has the username in a different case than FishEye/Crucible aren't authenticated properly even if 'force lowercase' is set

The implementation of com.atlassian.sal.api.user.UserManager#resolve, doesn't consider the 'force lowercase'
setting when processing the username provided in the 2LO request. This will cause the request to continue being processed as anonymous (as the 2lo validation succeeds, but it didn't have a valid username).

This potentially affects other auth methods that try to resolve a username (like trusted apps). 3LO is not affected, as the exact-cased username is stored with the 3LO token when creating the token.

Effects of this might include requests made from other applications with such a configuration to be treated as anonymous requests, and show incomplete or no data, depending on the request type and Fisheye's configuration.

A workaround is to use 3-legged OAuth for such configurations.