SAML linking should better handle inconsistent capitalization
What
Better handle the case when SAML NameID doesn't match the capitalization currently stored for a user under `extern_uid`.
Why
- We don't treat capitalization consistently. We prevent duplicate records in the database and with validation, but don't make this clear to group admins or return records with mismatched capitalization. We do state in https://docs.gitlab.com/ee/user/group/saml_sso/#nameid that the value must be unique and never change, however.
- Currently we show a message `SAML authentication failed: Extern uid has already been taken, User has already been taken`, but this is unclear for this edge case. Including the provided NameID in the error could help, as could linking to the profile page to unlink, or explicitly noticing it is a capitalization difference.
- We could better document the apparent login loop users can end up in when capitalization produces the above error. A workaround would be to visit https://gitlab.com/profile/account and unlink the old capitalization.
Edited by James Edwards-Jones
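
The following is an added example, not GitLab's code, sketching the edge case described above: an exact-match lookup misses a stored `extern_uid` that differs only in capitalization, and the failure message names the provided NameID and the unlink page. `Identity`, `classify_name_id`, `sign_in_with_saml` and the sample records are hypothetical names and constructed data.

```ruby
# Added illustration; not GitLab's implementation. All names are hypothetical.
Identity = Struct.new(:user, :provider, :extern_uid)

# Workaround URL taken from the issue text.
PROFILE_URL = 'https://gitlab.com/profile/account'

# Constructed sample data: one user linked with a mixed-case NameID.
SAMPLE_IDENTITIES = [
  Identity.new('alice', 'group_saml', 'Alice@Example.com')
].freeze

# Classify an incoming NameID against the identities stored for a provider.
# Returns [:exact, identity], [:case_mismatch, identity] or [:none, nil].
def classify_name_id(identities, provider, name_id)
  scoped = identities.select { |i| i.provider == provider }

  # Case-sensitive lookup: this is the match that misses "alice@example.com".
  exact = scoped.find { |i| i.extern_uid == name_id }
  return [:exact, exact] if exact

  # Case-insensitive check: this is what a uniqueness validation would hit.
  folded = scoped.find { |i| i.extern_uid.casecmp?(name_id) }
  folded ? [:case_mismatch, folded] : [:none, nil]
end

# Turn the classification into an outcome with an explicit error message
# for the capitalization case instead of "has already been taken".
def sign_in_with_saml(identities, provider, name_id)
  kind, identity = classify_name_id(identities, provider, name_id)
  case kind
  when :exact
    { status: :signed_in, user: identity.user }
  when :case_mismatch
    { status: :failed,
      message: "SAML authentication failed: NameID \"#{name_id}\" differs " \
               'only in capitalization from the value already linked to an ' \
               "account. Unlink the old value at #{PROFILE_URL} and sign in again." }
  else
    { status: :unlinked }
  end
end
```
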