Make usernames unique over their lowercase values, and put validation in everywhere so two users can't do this again.

Usernames _are_ meant to be case insensitive in the system. But at no point where users could be created (except for XMLRPC users), was this actually being enforced. So eventually someone actually did this, which caused login for both users to break.

Now, all entry points for new users are checked to make sure users can't claim names whose lowercase value is the same as another user. And on postgres, we now have a unique index over LOWER(username). This isn't possible in MySQL, so MySQL users miss out (yet again).