feat: add robust login ID collision prevention and UI validation (#440)

- Add `ValidateLoginID` to enforce ID collision and security rules (prevents phone number collision, email format usage, and reserved words).
- Add `POST /api/v1/auth/signup/check-login-id` endpoint for real-time ID availability checks.
- Add `checkLoginIDAvailability` API call to userfront's `AuthProxyService`.
- Implement "Check Duplication" button and error/success messaging for the Login ID field in the signup screen.
- Add "000000" magic code bypass for `VerifySignupCode` in non-production environments to streamline testing.

userfront/lib/core/services/auth_proxy_service.dart

@@ -893,6 +893,27 @@ class AuthProxyService {
     return false;
   }
 
+  static Future<Map<String, dynamic>> checkLoginIDAvailability(String loginId, {String? companyCode}) async {
+    final url = Uri.parse('$_baseUrl/api/v1/auth/signup/check-login-id');
+    final bodyData = {'loginId': loginId};
+    if (companyCode != null && companyCode.isNotEmpty) {
+      bodyData['companyCode'] = companyCode;
+    }
+    final response = await http.post(
+      url,
+      headers: {'Content-Type': 'application/json'},
+      body: jsonEncode(bodyData),
+    );
+
+    if (response.statusCode == 200) {
+      final data = jsonDecode(response.body);
+      return {'available': data['available'] ?? false, 'message': data['message']};
+    } else {
+      final data = jsonDecode(response.body);
+      return {'available': false, 'message': data['message'] ?? 'Failed to check ID'};
+    }
+  }
+
   static Future<void> sendSignupCode(String target, String type) async {
     final path = type == 'email' ? 'send-email-code' : 'send-sms-code';
     final url = Uri.parse('$_baseUrl/api/v1/auth/signup/$path');