Track behavior of \1 in pg_ident.conf when quoted

Entries of pg-user in pg_ident.conf that are quoted and include '\1'
allow a replacement from a subexpression in a system user regexp.  This
commit adds a test to track this behavior and a note in the
documentation, as it could be affected by the use of an AuthToken for
the pg-user in the IdentLines parsed.

This subject has come up in the discussion aimed at extending the
support of pg-user in ident entries for more patterns.

Author: Jelte Fennema
Discussion: https://postgr.es/m/CAGECzQRNow4MwkBjgPxywXdJU_K3a9+Pm78JB7De3yQwwkTDew@mail.gmail.com

doc/src/sgml/client-auth.sgml

@@ -960,6 +960,9 @@ mymap   /^(.*)@otherdomain\.com$   guest
    will remove the domain part for users with system user names that end with
    <literal>@mydomain.com</literal>, and allow any user whose system name ends with
    <literal>@otherdomain.com</literal> to log in as <literal>guest</literal>.
+   Quoting a <replaceable>database-username</replaceable> containing
+   <literal>\1</literal> <emphasis>does not</emphasis> make
+   <literal>\1</literal> lose its special meaning.
   </para>
 
   <tip>

src/test/authentication/t/003_peer.pl

@@ -153,6 +153,19 @@ test_role(
 	log_like =>
 	  [qr/connection authenticated: identity="$system_user" method=peer/]);
 
+# Success as the regular expression matches and \1 is replaced in the given
+# subexpression, even if quoted.
+reset_pg_ident($node, 'mypeermap', qq{/^$system_user(.*)\$},
+	'"test\1mapuser"');
+test_role(
+	$node,
+	qq{testmapuser},
+	'peer',
+	0,
+	'with regular expression in user name map with quoted \1 replaced',
+	log_like =>
+	  [qr/connection authenticated: identity="$system_user" method=peer/]);
+
 # Failure as the regular expression does not include a subexpression, but
 # the database user contains \1, requesting a replacement.
 reset_pg_ident($node, 'mypeermap', qq{/^$system_user\$}, '\1testmapuser');