[Improved, Fixed] Security hardening for signup and invite flows
about 1 month ago by Denny Liang
Improvements
- Signup and invite forms now validate names in real time, blocking emails, URLs, control characters, and other spam patterns
- All new signups require a Turnstile check, adding an extra layer of bot protection
- Team invites are limited to 10 requests per 15-minute window per IP address to prevent mass-spam attacks
Fixes
- Closed a loophole that allowed attackers to inject malicious text into first and last name fields during signup or team invitations
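
An added example, not the product's own code, showing one way to implement the name validation and the invite rate limit described above. The rule names, regular expressions, the 64-character cap and the sliding-window choice are assumptions; only the 10-requests-per-15-minutes limit comes from this changelog.

```javascript
// Added example: rule names, patterns and limits below are assumptions.
const MAX_NAME_LENGTH = 64; // assumed cap, not stated in the changelog

// Each rule returns true when the normalized name must be rejected.
const NAME_RULES = [
  ["empty", (s) => s.length === 0],
  ["too_long", (s) => [...s].length > MAX_NAME_LENGTH],
  // C0/C1 controls (CR, LF, NUL, ...) plus bidi override/isolate characters
  ["control_char", (s) => /[\p{Cc}\u202A-\u202E\u2066-\u2069]/u.test(s)],
  ["email", (s) => /[^\s@]+@[^\s@]+\.[^\s@]+/.test(s)],
  // scheme://, a www. prefix, or a dotted host followed by a path
  ["url", (s) => /[a-z][a-z0-9+.-]*:\/\/|\bwww\.|\.[a-z]{2,}\//i.test(s)],
  ["markup", (s) => /[<>{}[\]\\]/.test(s)],
];

function validateName(raw) {
  // NFKC folds fullwidth look-alikes such as U+FF20 to "@" before matching.
  // Only plain spaces are stripped, so a trailing CR/LF is still rejected.
  const name = String(raw).normalize("NFKC").replace(/^ +| +$/g, "");
  const hit = NAME_RULES.find(([, rejects]) => rejects(name));
  return hit ? { ok: false, reason: hit[0] } : { ok: true, name };
}

// Sliding-window limiter keyed by client IP: 10 invites per 15 minutes.
class InviteLimiter {
  constructor(limit = 10, windowMs = 15 * 60 * 1000) {
    this.limit = limit;
    this.windowMs = windowMs;
    this.hits = new Map(); // ip -> timestamps (ms) of accepted requests
  }
  allow(ip, now = Date.now()) {
    const recent = (this.hits.get(ip) || []).filter((t) => now - t < this.windowMs);
    const ok = recent.length < this.limit;
    if (ok) recent.push(now);
    this.hits.set(ip, recent);
    return ok;
  }
}

// Constructed sample inputs
console.log(validateName("Ada Lovelace"), validateName("Visit https://spam.example"));
```

The same `validateName` check has to run on the server for both signup and invite requests, since real-time form validation alone can be skipped by posting to the endpoint directly.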
