Fix org membership verification for usernames containing characters not allowed by GH/E

[nexdrew]

Issue discovered by Peter Murray at ICAP.

If using GHE backed by an SSO system (like LDAP/AD) as auth strategy for npmo, it's possible that usernames dictated by the SSO system contain characters not allowed in GH (GH only allows alphanumeric characters and hyphens), such that npm login commands must use the username matching the backing SSO system instead of the GH-translated username (which will convert all "illegal" characters to hyphens). This is all well and good - until I attempt to lock down npmo auth to a specific GHE org.

For instance, if my SSO username is awesome_user, my GHE username will be awesome-user. Since I can only specify one username on npm login and that username will not match one of the systems without translation, I either can't be authenticated against the SSO system (if using awesome-user) or this plugin can't verify my org membership (if using awesome_user).

We will probably need to check for "GH illegal characters" in usernames and convert them to hyphens when verifying org membership. Either that, or just do some fuzzy username matching that ignores non-alphanumeric characters.