Possible impersonation attack - 2 users registered with the same username #2657

Open
kingalg opened this issue Nov 13, 2024 · 1 comment
Labels: bug, security

kingalg commented Nov 13, 2024

Version: Quiet.2.3.2-alpha.5
System: Linux, Windows, macOS (not sure about mobiles, I wasn't able to reproduce it on Android yet, and I don't have an iOS version)

Issue: I was able to register two different users with the same username, which resulted in a "Possible impersonation attack" popup on all members of this community's screens.

How it happened:

  1. The Owner on Windows registered with the username win1311.
  2. Mac joined with username mac1311 (no issues)
  3. Linux joined with username mac1311 (both Owner and original mac1311 were online)

What should happen - the user on Linux should receive a popup informing that this username has already been taken.
What happened - The username mac1311 was registered a second time, which resulted in a "Possible impersonation attack" popup being displayed on all the other users' screens.

Does it happen every time?
No, I get a correct "duplicate username" popup several times, checking this in different configurations on both mobiles and desktops.

Is it possible to reproduce?
Yes, I did reproduce it with only two users - the Owner and one user joining with the same username as the Owner.

Logs from the Owner (in the logs, you can probably also see that the user on Mac tried to register with a duplicated username twice but got the correct popup):
logs.win.owner.1113.txt

Logs from Linux:
logg.linux.1311.txt

kingalg added the bug and security labels Nov 13, 2024
kingalg added this to Quiet Nov 13, 2024
kingalg moved this to Backlog - Desktop & Backend in Quiet Nov 13, 2024
holmesworcester (Contributor) commented:

Let's not fix this and instead prioritize #2652
