Fix: Match token login name by UID or e-mail address

With this changes the login name gets matched against the token user's
e-mail address in addition to the login name.

This fixes the web login flow of the app, where the session is based on
the e-mail address but the token uses the UID.

Fixes #44164

lib/private/User/Session.php

@@ -780,12 +780,13 @@ private function validateToken($token, $user = null) {
 	 * Check if login names match
 	 */
 	private function validateTokenLoginName(?string $loginName, IToken $token): bool {
-		if ($token->getLoginName() !== $loginName) {
-			// TODO: this makes it impossible to use different login names on browser and client
-			// e.g. login by e-mail '[email protected]' on browser for generating the token will not
-			//      allow to use the client token with the login name 'user'.
+		$tokenUser = $this->manager->get($token->getUID());
+		$tokenEmail = $tokenUser->getEMailAddress();
+
+		if ($token->getLoginName() !== $loginName && $tokenEmail != $loginName) {
 			$this->logger->error('App token login name does not match', [
 				'tokenLoginName' => $token->getLoginName(),
+				'tokenEmailAddress' => $tokenEmail,
 				'sessionLoginName' => $loginName,
 				'app' => 'core',
 				'user' => $token->getUID(),