when extracting the userid from the LTI launch request, look for lis_person_sourcedid first, then custom_canvas_user_login_id, then user_id

don’t throw PermissionDenied if there is no LTI data in the request; this is to allow view-by-view authentication

Handle case where the SIS user id isn’t available in the LTI request; handle missing email/first_name/last_name