opencloud
User cache in graph service is not multi-tenant safe
Describe the bug
The graph service maintains a simple in-memory cache for looking up users by userid (https://github.com/opencloud-eu/opencloud/blob/main/services/graph/pkg/identity/cache.go#L87); that cache currently does not take the tenant-ids of the requesting and the requested user into account.
So a user from one tenant might get some information about a user from a different tenant if they get to know the other user's userid and the user entry is already cached (because a different user looked it up before).
(Similar issues would exist for the groups cache, once we enable groups for multi-tenancy)
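The following is an added illustration of the problem and its mitigation, not code from the opencloud repository. It models a userid-keyed cache next to a tenant-scoped one and shows that only the tenant-scoped variant refuses a cross-tenant lookup. The `User` type, the tenant and user ids and the sample data are all constructed for this example.

```go
package main

import (
	"fmt"
	"sync"
)

// User is a constructed stand-in for the identity record the cache holds.
type User struct {
	ID       string
	TenantID string
	Mail     string
}

// unsafeCache mirrors the reported issue: entries are keyed on the userid
// alone, so tenant boundaries are invisible to the cache.
type unsafeCache struct {
	mu sync.RWMutex
	m  map[string]User
}

func newUnsafeCache() *unsafeCache { return &unsafeCache{m: map[string]User{}} }

func (c *unsafeCache) Put(u User) {
	c.mu.Lock()
	c.m[u.ID] = u
	c.mu.Unlock()
}

// Get ignores who is asking: any requester that knows the id gets the entry.
func (c *unsafeCache) Get(requesterTenant, id string) (User, bool) {
	c.mu.RLock()
	defer c.mu.RUnlock()
	u, ok := c.m[id]
	return u, ok
}

// cacheKey makes the tenant part of the key, so entries of different tenants
// never collide and can never be returned to the wrong tenant.
type cacheKey struct{ TenantID, UserID string }

// tenantCache is the hardened variant: lookups are scoped to the requester's
// tenant, so an entry cached for tenant A is a miss for a requester in tenant B.
type tenantCache struct {
	mu sync.RWMutex
	m  map[cacheKey]User
}

func newTenantCache() *tenantCache { return &tenantCache{m: map[cacheKey]User{}} }

func (c *tenantCache) Put(u User) {
	c.mu.Lock()
	c.m[cacheKey{u.TenantID, u.ID}] = u
	c.mu.Unlock()
}

// Get looks the id up under the requester's own tenant only.
func (c *tenantCache) Get(requesterTenant, id string) (User, bool) {
	c.mu.RLock()
	defer c.mu.RUnlock()
	u, ok := c.m[cacheKey{requesterTenant, id}]
	return u, ok
}

// crossTenantLeak reports whether a requester from otherTenant obtains the
// cached entry of victim through the given lookup function.
func crossTenantLeak(get func(string, string) (User, bool), victim User, otherTenant string) bool {
	_, hit := get(otherTenant, victim.ID)
	return hit
}

func main() {
	// Constructed sample data: alice belongs to tenant-a; a requester in
	// tenant-b that learned her userid asks the cache for it.
	alice := User{ID: "u-1001", TenantID: "tenant-a", Mail: "alice@example.test"}

	leaky := newUnsafeCache()
	leaky.Put(alice) // populated by an earlier lookup from tenant-a
	fmt.Println("userid-only cache leaks across tenants:", crossTenantLeak(leaky.Get, alice, "tenant-b"))

	safe := newTenantCache()
	safe.Put(alice)
	fmt.Println("tenant-scoped cache leaks across tenants:", crossTenantLeak(safe.Get, alice, "tenant-b"))
	_, sameTenant := safe.Get("tenant-a", alice.ID)
	fmt.Println("same-tenant lookup still hits:", sameTenant)
}
```

Scoping the key (rather than filtering after the lookup) is the simpler design to review: the tenant check cannot be forgotten on any code path because a lookup without the tenant has no key to hit. The same pattern applies to a groups cache once groups become tenant-aware.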
Sorry got sidetracked with CI the whole week :/