Improve userName & displayName validation on accountCreation stage

When creating new account, frontend calls `/accounts/validate_fields`
api to validate username & displayname. Then it again calls
`/accounts/create` to create new account.

There is a chance any malicious user can detect it & validate userName &
displayName against proper names but create account with invalid values
by making js calls.

To mitigate this issue, we will save the validated username &
displayname on user's session & `/create` endpoint won't take these
params. These values will be fetched from the session.

issue: https://gitlab.e.foundation/e/infra/backlog/-/issues/3551