fix(security): Validate username format in log_account endpoint

Add isSafeForLogging validation to prevent log injection attacks.
Only allows lowercase letters, numbers, dots, and hyphens (max 16 chars).
This blocks control characters like newlines that could be used to
forge fake log entries.