APR 19 · 2025
UTF-8 NFKC normalization confusion in an OAuth proxy
The proxy normalizes the email claim before comparison, but the upstream provider does not. ＠ (U+FF20, FULLWIDTH COMMERCIAL AT) folds to @ under NFKC. Predictable email-to-tenant mapping does the rest.
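The mismatch described above, as an added example that is not code from the advisory or from the affected proxy: the flawed side NFKC-normalizes the claim before splitting on "@" and mapping the domain to a tenant, while the hardened side refuses any claim whose NFKC form differs from the string the provider actually issued and requires exactly one ASCII "@". The tenant map, the function names and the sample claim are constructed for illustration.

```python
import unicodedata
from typing import Dict, Optional

# Constructed tenant map: email domain -> tenant id (not from the advisory).
TENANTS: Dict[str, str] = {"corp.example": "corp", "other.example": "other"}

# Constructed sample claim: U+FF20 (FULLWIDTH COMMERCIAL AT) instead of ASCII "@".
CONFUSABLE_CLAIM = "bob\uff20corp.example"


def nfkc(s: str) -> str:
    """NFKC compatibility normalization; folds U+FF20 to U+0040."""
    return unicodedata.normalize("NFKC", s)


def vulnerable_tenant_for(email_claim: str, tenants: Dict[str, str]) -> Optional[str]:
    """Mimics the flawed proxy: normalize first, then split on '@' and map the domain.
    The upstream provider never normalized, so it and the proxy disagree on what the
    claim says."""
    _local, _sep, domain = nfkc(email_claim).rpartition("@")
    return tenants.get(domain)


def hardened_tenant_for(email_claim: str, tenants: Dict[str, str]) -> Optional[str]:
    """Compare the claim in the exact form the provider issued it.
    Refuse it if normalization would change it, if it does not contain exactly one
    ASCII '@', or if the domain part is not plain ASCII."""
    if nfkc(email_claim) != email_claim:
        return None  # normalization would rewrite the identity string: reject
    if email_claim.count("@") != 1:
        return None  # no '@', or more than one, is not a mappable address
    _local, _sep, domain = email_claim.rpartition("@")
    if not domain.isascii():
        return None  # keep tenant lookup strictly on ASCII domains
    return tenants.get(domain)


def normalization_changes(email_claim: str) -> bool:
    """Detection helper: True when NFKC would alter the claim, which is the
    condition worth logging at the proxy boundary."""
    return nfkc(email_claim) != email_claim


if __name__ == "__main__":
    print("raw claim   :", CONFUSABLE_CLAIM)
    print("NFKC form   :", nfkc(CONFUSABLE_CLAIM))
    print("vulnerable  :", vulnerable_tenant_for(CONFUSABLE_CLAIM, TENANTS))
    print("hardened    :", hardened_tenant_for(CONFUSABLE_CLAIM, TENANTS))
    print("hardened ok :", hardened_tenant_for("bob@corp.example", TENANTS))
```

The design point is that whichever side performs normalization, both sides must perform the same one before comparing identity strings; when that cannot be guaranteed, the safer choice is to reject claims that are not already in their normalized form rather than silently folding them.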
Severity: Medium (6.3) · Status: Patched · CVE-2025-2204
Full writeup coming soon.