Remove `username` from `User#sanitize_attrs` callback

This attribute is since validated against DynamicPathValidator, which has strict requirements for the characters allowed, and should no longer need to be sanitized in a callback before saving.

This has additional benefits in our test suite, where every creation of a User record was calling Sanitize.clean on a username value that was always clean, since we're the ones generating it.

See https://gitlab.com/gitlab-org/gitlab-ce/issues/35962