Signup: username uniqueness check strips whitespace but stored AD username does not

[rubin110]

Found in code review of PR #284 (merged).

In signup_submit (code/DHMemberPortal/app.py), the server-side username uniqueness check strips whitespace:

username = (request.form.get("username") or "").strip()
if username and dhservices.is_username_taken(access_token, username):
    ...

But identity_data, built earlier in the same function, stores the raw, unstripped value:

identity_data = {
    ...
    "active_directory_username": request.form.get("username"),  # no .strip()
    ...
}

Consequence

A submission like "alice " (trailing space) is checked as alice (which may pass as available) but stored as "alice ". The value whose uniqueness we verified diverges from the value we persist. Downstream AD/B2C provisioning may normalize the whitespace differently, and a future case-insensitive collision check against the stored value won't match what the user actually picked.

Suggested fix

Strip once at the top of signup_submit and reuse the single normalized value for both the uniqueness check and identity_data["active_directory_username"]. Consider applying the same normalization to the other identity fields while there (tracked more broadly in #293).

Context: PR #284, related #293 (server-side validation).