It would be good if security realms could provide a method that could return an auto-completion candidate for authorization strategies to use when selecting principals.

Currently AzureAdMatrixAuthorizationStrategy exists for two reasons:
1. Making it easier to select users in AzureAd rather than just using their object ID (a UUID)
2. Provide display names so you know who you've granted access to.

1. Adding a method in SecurityRealm that looks up autocomplete suggestions and used in the UI
2. should be possible by fixing group lookup (by differentiating the types as mentioned in https://github.com/jenkinsci/azure-ad-plugin/issues/123#issuecomment-821125122

Would need to see what would end up getting stored (probably the principal ID), which would have the downside that JCasC config would no longer include the display name, (example note: abc is a uuid in real config). But maybe something can be done for that

The autocomplete should differentiate users and groups in the model that is used