Match external auth forward_headers in case-insensitive way

Why it matters

This feature addresses the problem of header case sensitivity when forwarding headers for external authentication. Since HTTP headers are case-insensitive by standard, matching forward_headers without considering case ensures reliable and consistent authentication behavior, avoiding potential mismatches and errors caused by header case variations.

How to use it

No explicit user action is required. The handling of forward_headers during external authentication is now automatically case-insensitive, improving compatibility with external systems that may use different header casing conventions.