Fix: Auto-claim should not validate claim message format

Auto-claim was incorrectly using validateUsernameClaim() which
expects 'claim:{username}:{timestamp}' message format. This failed
when users tried to auto-claim via publishService or getService.

Now auto-claim only:
- Validates username format
- Verifies signature against the actual message
- Claims the username

This allows implicit username claiming on first authenticated request.

src/rpc.ts

@@ -9,6 +9,7 @@ import {
   isVersionCompatible,
   verifyEd25519Signature,
   validateAuthMessage,
+  validateUsername,
 } from './crypto.ts';
 
 /**
@@ -67,18 +68,15 @@ async function verifyAuth(
     }
 
     // Validate username format before claiming
-    const validation = await validateUsernameClaim(
+    const usernameValidation = validateUsername(username);
-      username,
+    if (!usernameValidation.valid) {
-      publicKey,
+      return usernameValidation;
-      signature,
+    }
-      message
-    );
 
-    if (!validation.valid) {
+    // Verify signature against the current message (not a claim message)
-      return {
+    const signatureValid = await verifyEd25519Signature(publicKey, signature, message);
-        valid: false,
+    if (!signatureValid) {
-        error: validation.error || 'Invalid username claim',
+      return { valid: false, error: 'Invalid signature for auto-claim' };
-      };
     }
 
     // Auto-claim the username