microgateway
Need authenticated username context variable
Currently, the authenticated username for a request ends up in client.org.id for basicAuth or oauth.resource-owner for OAuth.
This makes identity propagation a challenge because there is no reasonable default for a policy like ltpa-generate. We can put $(client.org.id) but OAuth customers have to figure out the right value for their case. Identity propagation is nigh impossible for APIs that use basic and OAuth.
I propose a new context variable like request.whoami that contains the authenticated name for the user, regardless of authentication scheme.