Remove hardcoded credentials from mastodon email scanner

[MichaelMVS]

The mastodon email scanner was sending hardcoded username/password credentials ('no3motions_robot_020102' / 'Theleftalone@me') as part of signup probe payloads. These credentials are unnecessary for email availability checks.

Changes:

• Removed 'user[account_attributes][username]' from payload
• Removed 'user[password]' and 'user[password_confirmation]' from payload
• Kept only what's needed for email checking: authenticity_token, user[email], and user[agreement]
• Added explicit timeout=15.0 to the AsyncClient
• Added httpx.TimeoutException handling

[Copilot]

Pull request overview

Removes hardcoded Mastodon signup credentials from the email availability probe and adds basic request timeout handling to improve safety and reliability of the email scanner.

Changes:

• Removed hardcoded username/password fields from the Mastodon signup probe payload.
• Added an explicit timeout=15.0 to the httpx.AsyncClient.
• Added handling for httpx.TimeoutException to return a clearer error result.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The availability logic relies on the response not containing the substring "has already been taken" and having a 200/302 status. With the reduced payload (no username/password fields), the server can legitimately return a 200 HTML validation page for reasons unrelated to email uniqueness (e.g., missing required fields / bot checks), which would be classified as available. Consider tightening the check to specifically detect email-related outcomes (e.g., parse for an email error vs. non-email errors), or send harmless placeholder values for required fields (e.g., empty/random username + dummy password) so the server reaches the same email-validation path reliably.