feat: add robust login ID collision prevention and UI validation (#440)

- Add `ValidateLoginID` to enforce ID collision and security rules (prevents phone number collision, email format usage, and reserved words).
- Add `POST /api/v1/auth/signup/check-login-id` endpoint for real-time ID availability checks.
- Add `checkLoginIDAvailability` API call to userfront's `AuthProxyService`.
- Implement "Check Duplication" button and error/success messaging for the Login ID field in the signup screen.
- Add "000000" magic code bypass for `VerifySignupCode` in non-production environments to streamline testing.

backend/internal/handler/auth_handler_signup_test.go

@@ -136,6 +136,7 @@ func TestSignup_CompanyCodeValidation(t *testing.T) {
 		validTenant := &domain.Tenant{ID: "t1", Slug: "valid-slug", Status: domain.TenantStatusActive}
 		mockTenantSvc.On("GetTenantByDomain", mock.Anything, "gmail.com").Return(nil, nil)
 		mockTenantSvc.On("GetTenantBySlug", mock.Anything, "valid-slug").Return(validTenant, nil)
+		mockTenantSvc.On("GetTenant", mock.Anything, "t1").Return(validTenant, nil)
 		mockIdp.On("CreateUser", mock.Anything, mock.Anything).Return("user-id", nil)
 		mockRedis.On("Delete", mock.Anything).Return(nil)