Follow-up to #2821602: Not working this module for drupal 8 version

Determine whether pattern matching approach with preg_match is appropriate for the module's d8 dev version, as mentioned on #2821602: Not working this module for drupal 8 version.

Comments

Kifah Meeran created an issue. See original summary.

adammalone’s picture

We either continue down the current path of loading all configuration entities and using something like preg_match to validate whether the regular expression matches the name/mail.

Alternatively, we use something like entityQuery and restrict matching to what we had in the D7 version with _ for single character and % for any characters.

I have two concerns about preg_match:

  • One is how well this will scale. If we're dealing with a site with 1000 user restriction config entities, it will take longer to load all entities into memory before running through preg_match. On sites with low numbers of user restriction rules, this shouldn't be an issue.
  • The second is security. I have done a fair amount of research and I can't find any reason why user entered values shouldn't be used for the 'pattern' part of a preg_match function. That being said, I would prefer to be overly cautious.
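
The two options weighed in the comment above, as an added PHP example that is not code from the module or from anyone in this thread. The function names `wildcard_to_regex` and `rule_regex_matches` are hypothetical, and case-insensitive matching is an assumption.

```php
<?php
declare(strict_types=1);

// Option 1: D7-style wildcards. "_" is one character, "%" is any run of
// characters; everything else is quoted, so a rule cannot carry regex syntax.
// Assumptions: case-insensitive matching, no escape for a literal "_" or "%".
function wildcard_to_regex(string $pattern): string {
  // preg_quote() does not touch "_" or "%", so they can be swapped afterwards.
  $quoted = preg_quote($pattern, '/');
  return '/\A' . strtr($quoted, ['%' => '.*', '_' => '.']) . '\z/isu';
}

// Option 2: the rule holds a regex body. Returns true/false for match/no
// match and null when the pattern does not compile or PCRE aborts (for
// example at pcre.backtrack_limit), so errors are not mistaken for "no match".
function rule_regex_matches(string $body, string $subject): ?bool {
  // Delimiter and flags are fixed here; the rule supplies only the body.
  // A "~" in the body is escaped so it cannot end the pattern early. A body
  // that already contains "\~" then fails to compile and yields null.
  $regex = '~' . str_replace('~', '\~', $body) . '~iu';
  $result = @preg_match($regex, $subject);
  return $result === false ? null : $result === 1;
}

// Constructed sample rules and subject, not taken from the issue.
$subject = 'spammer42@example.com';
$cases = [
  'wildcard rule' => preg_match(wildcard_to_regex('spammer__@%'), $subject) === 1,
  'regex syntax in a wildcard rule is literal' => preg_match(wildcard_to_regex('.*'), $subject) === 1,
  'regex rule' => rule_regex_matches('^spammer\d+@', $subject),
  'regex rule that does not compile' => rule_regex_matches('(unclosed', $subject),
  'nested quantifier on a long non-matching subject' => rule_regex_matches('(a+)+$', str_repeat('a', 40) . '!'),
];
foreach ($cases as $label => $result) {
  echo $label, ': ', var_export($result, true), PHP_EOL;
}
```

A null result is worth logging against the rule that produced it, since a restriction rule that silently never matches looks the same as one that is working.
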
adammalone’s picture

Update from Mixologic on IRC:

Mixologic> typhonius: I've got access. we've recently started using that a lot more as a whitelist for another module
Mixologic> typhonius: we have 575 rules.
adammalone’s picture

Status: Active » Closed (outdated)

Preg_match was added here for 8.x #2936400: Massive refactoring / introduce plugins