Record eppn as part of audit log

The `sso_log` table records the `mail` attribute, but not the un-transformed version of the `eppn`. Because the `uid` is generated from the `eppn` in a way that makes it impossible to go backwards (was that `_` an `_` or a `.` before?), it would be useful to have the original `eppn` stored. Ideally existing records without this field could be updated at next login.