Default `OidcUser` conversion may return mismatch between `OAuth2User.getName()` and `OidcUser.getName()`

[rwinch]

Both OidcUserService and OidcReactiveOAuth2UserService may return an OidUser with a different username than the injected (Reactive)OAuth2UserService.

For example, OidcUserService is created without even having access to the OAuth2User.

Note that this blocks gh-16857 since it impacts how the name is resolved.

Related gh-17626 gh-17627 gh-16857

cc @jgrandja