To add, this is original code from setup-roundcube.php:
if (file_exists("{$path}/config/roundcube_config.inc.php")) {
lxfile_cp("{$path}/config/roundcube_config.inc.php", "{$path}/config/config.inc.php");
$cfgfile = "{$path}/config/config.inc.php";
$content = lfile_get_contents($cfgfile);
$content = str_replace("mysql://roundcube:roundcube", "mysql://roundcube:" . $pass, $content);
$content = str_replace("mysql://roundcube:pass", "mysql://roundcube:" . $pass, $content);
$content = str_replace("mysql://roundcube:@", "mysql://roundcube:" . $pass . "@", $content);
lfile_put_contents($cfgfile, $content);
}
$result = $link->query("GRANT ALL ON roundcubemail.* TO roundcube@localhost IDENTIFIED BY '{$pass}'");
$link->query("flush privileges");
As shown, both config files and SQL grant query consistently have the user as 'roundcube'.