No need for both username and email

The original username/password design didn't assume we'd always be collecting email.  Now that we are always collecting email, there's no need to ask the user for a username.

@jvilhuber I know you were worried about encrypting username because it would likely include PII or even be an email address.  Seem to make sense if we just eliminate it.