I don't know that using $LTI_modify_user would work in this scenario. I believe it could be used to force the username to be stored in WW in lowercase, but will this cause LTI authentication to fail next time since the username won't match what the LMS is sending?
This would not be modifying the string from LTI. The first thing WW does is authenticates the package passed from LTI. Once the package is confirmed WW is free to use that information however it is needed. For example, there is an option for WW to strip the domain off the email address and use that as the username. It wouldn't be hard to add another option to force the email address to be lowercase.