fix(instagram): replace broken web_profile_info with signup-attempt endpoint

[anonymort]

Summary

• Bug: Instagram's web_profile_info API endpoint now returns 401 Unauthorized for all unauthenticated requests, causing every Instagram username scan to fail with [401] Status didn't match
• Fix: Switch to the signup-attempt endpoint (web_create_ajax/attempt), which reliably reports whether a username is taken without requiring authentication
• Approach: POST a registration attempt with just the username — Instagram's response includes a username error with code username_invalid or username_is_taken if the name is taken, and no username error if it's available. CSRF validation only checks that the header matches the cookie value, so a dummy token ("0") works without an extra preflight request

Test plan

• Verified known taken usernames (instagram, cristiano, bonniebop) report Found
• Verified non-existent usernames (xyznonexistent99999) report Not Found
• Verified full CLI works end-to-end: user-scanner -u <name> -m instagram
• Single HTTP request per check (no setup/teardown overhead)

🤖 Generated with Claude Code

[anonymort]

Verified this fix works end-to-end — ran a bulk scan of 41 usernames and Instagram checks returned correct results for all of them (e.g. bonniebop, bonniebean, missbonnie all correctly reported as Found). The signup-attempt endpoint is reliable without authentication. Ready to merge.

[kaifcodec]

@anonymort Thanks for the update, this approach is more reliable as it directly checks the username availability using the account creation flow.