Extended login: Don't use a $wg config variable, add UserName

Extended login: Don't use a $wg config variable, add UserName

CentralAuth needs 'User' as well for this to work.  However, this
shows the exact cookie names are an implementation detail that should
not be exposed as a 'wg'.

Instead, use a function in the CookieSessionProvider.  That way,
CentralAuth can override it properly without requiring users to change
$wg's.

I also added UserName. provideSessionInfo will fail to return
session info if UserID and UserName are both set and don't match.

Also, the UserID<->UserName mapping is public, so there is no
additional privacy issue.  Thus, it seems we should expire them
the same time.

Bug: T68699
Change-Id: Ia3259846433980408f79d44f665e17e15670e8ee