Check validity and availability of usernames during signup via AJAX

This is done in addition to the server-side checks. Users who have
disabled JavaScript will not notice any difference.

The way this is done (via action=query&list=users API) means that we
can't check for all possible error conditions, both for the username
(e.g. these enforced by extensions like AntiSpoof) and other parts of
the form (e-mail, password…) – these are still handled server-side
only. Thus we intentionally never say that whatever the user typed in
is valid – we only warn when we know it's not.

Doing this "properly" would require some reworking of the internals of
the signup process and this way is already a huge improvement.

(Split off from the reverted a0c72523.)

Bug: 34447
Change-Id: I42c00b54651fd4e7217a862b3116c6113935f5ae