REST: harden guest author username collision handling

[dknauss]

Guest author creation should not fail just because two people share the same normalized name or because a display name (e.g., with non-ASCII characters) normalizes to an empty username. This patch keeps the existing endpoint contract intact while making username generation deterministic, resilient, and easier to reason about in real-world editorial workflows.

Summary

Harden guest author creation so generated usernames remain valid and unique when names collide or normalize to an empty value.

What changed

• normalize guest-author usernames from the provided display name
• fall back to guestauthor when normalization produces an empty username
• ensure generated usernames are unique before creating them
• remove the temporary signup-validation filter after the request completes
• add focused tests for duplicate-name and non-ASCII-name creation

Why

The current guest-author create path assumes the first generated username is
usable. In practice, valid guest-author requests can collide with an existing
username or normalize to an empty string.

This change makes guest-author creation deterministic and more resilient without changing the endpoint contract.

Scope

This PR is intentionally narrow and limited to guest-author username generation.

Included:

• inc/class-users-controller.php
• tests/phpunit/test-rest-api-user-endpoint.php

Not included:

• broader REST changes
• observability additions
• unrelated post insert or CLI behavior

Verification

• vendor/bin/phpunit --filter TestRESTAPIUserEndpoint
• php -l inc/class-users-controller.php
• php -l tests/phpunit/test-rest-api-user-endpoint.php