Make Microsoft directory sync group filter case-insensitive

[danielheimburg]

Summary

• make Microsoft directory sync group filter matching case-insensitive for per-user group sync
• keep existing behavior for exact group names while accepting common casing differences like developers vs Developers
• add a regression test for the filter matcher

Root cause

Microsoft per-user group sync fetches a user's groups from the memberOf endpoint and then applies the configured directory_sync_group_match filter locally.

That local filter used Vec::contains(display_name), which is case-sensitive. In practice this meant a configured filter like developers would not match a directory group named Developers, so the filtered set became empty and later sync logic removed the user's existing local groups.

Code evidence

• crates/defguard_core/src/enterprise/directory_sync/microsoft.rs: per-user group sync filtered with exact contains
• crates/defguard_core/src/enterprise/directory_sync/mod.rs: later sync removes groups not present in the filtered directory set

Testing

• added a unit test covering case-insensitive filter matching
• local test execution in this environment was blocked later in the build by a missing protoc binary required by another crate, so the patch is code-reviewed but not fully executed here