JQL breaks issue security levels based on custom fields

The MultiSelectCustomFieldIndexer does 2 things:

1. index but don't store a case-folded version in the field ("customfield_10017:retail")
2. store a "raw" version in a new field with the _raw added to the end ("customfield_10017_raw:Retail")

The problem is that com.atlassian.jira.security.type.GroupCF looks for "customfield_10017:Retail". It doesn't know about this raw/case-folding stuff and ends up searching for something that doesn't exist.

Brenden believes this will be true for all custom fields that you base a security level on.

The result is that JQL doesn't return things that users should be able to see.

This worked in 3.13, meaning users that have upgraded to JIRA 4.0 now are getting bogus search results.

Note that this only affects custom field values that have uppercase letters in them. This means you can work around this bug by changing the custom field values to all be lowercase.