SECURITY UPDATE: fix authorization bypass in cupsd caused by
case-insensitive comparison of local user and group names.
debian/patches/CVE-2026-27447.patch: compare usernames against the
canonical pwname from getpwnam() with strcmp() in
cupsdCheckGroup() and cupsdIsAuthorized() in scheduler/auth.c;
include the upstream follow-up "Fix unauthenticated print policies"
(Issue #1557) so CUPSDAUTH_NONE policies still match users that
do not have a local account.