Mojira Archive
MC-247412

Client can spoof name with spaces

By changing the gameprofile name sent in the ServerboundHelloPacket on login, clients can give themselves names with special/unallowed characters. The auth server apparently ignores the spaces and validates the name as correct. This can be used to block commands only accepting user name input for that specific user, as spaces are used as an argument separator (quoting doesn't work as well, unless I typo'd it?), aside from the obvious spoof.

See the following Fabric mod Mixin for minimal repro, mixing into the ServerboundHelloPacket and just changing what is written to the buffer: https://paste.gg/p/KennyTV/e7211deac05949939e856523cccacda3

Result:

[13:37:12 INFO]: UUID of player   kennytv   is a8179ff3-c201-4a75-bdaa-9d14aca6f83f
[13:37:12 INFO]:   kennytv   joined the game
[13:37:12 INFO]:   kennytv  [/127.0.0.1:53872] logged in with entity id 2 at ([world]-288.87669367416487, 75.0, -403.3142351719185)

Fixed

[Mod] Nassim Jahnke

[Mojang] Panda

2022-01-01, 12:43 PM

2022-02-04, 08:59 AM

2022-02-04, 08:59 AM

0

1

Confirmed

Important

Dedicated Server

1.18.1

22w05a
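
A server-side check for the login name described in this report, added here as an example; it is not Mojang's fix and not code from the report. The allowed character set, the 16-character limit, and the class and method names are assumptions.

```java
import java.util.List;
import java.util.Optional;

/** Added example: validates the name a client sends at login before it is trusted. */
public final class LoginNameCheck {
    // Assumption: allowed names are 1-16 characters from [A-Za-z0-9_].
    private static final int MAX_LEN = 16;

    /** Returns a rejection reason, or empty if the raw name is acceptable. */
    static Optional<String> reject(String raw) {
        if (raw == null || raw.isEmpty()) return Optional.of("empty name");
        if (raw.length() > MAX_LEN) return Optional.of("name too long");
        for (int i = 0; i < raw.length(); i++) {
            char c = raw.charAt(i);
            boolean ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')
                    || (c >= '0' && c <= '9') || c == '_';
            // Report the code point so log readers can see invisible characters.
            if (!ok) {
                return Optional.of(String.format("illegal character U+%04X at index %d", (int) c, i));
            }
        }
        return Optional.empty();
    }

    /**
     * Second check, after authentication: the name the server keeps must be
     * exactly the name the auth service vouched for, not a normalised match.
     */
    static boolean matchesAuthenticated(String clientName, String authenticatedName) {
        return reject(clientName).isEmpty() && clientName.equals(authenticatedName);
    }

    public static void main(String[] args) {
        // Constructed inputs; the space-padded one mirrors the log lines in the report.
        List<String> samples = List.of("kennytv", "  kennytv  ", "kenny tv", "kennytv\u00a0", "");
        for (String s : samples) {
            String verdict = reject(s).map(r -> "REJECT (" + r + ")").orElse("accept");
            System.out.printf("%-14s -> %s%n", "[" + s + "]", verdict);
        }
        // A padded client name must not be treated as equal to the authenticated one.
        System.out.println("padded vs authenticated: "
                + matchesAuthenticated("  kennytv  ", "kennytv"));
    }
}
```

Running the check on the raw packet value, before any trimming or lookup, keeps a name that only matches after normalisation from reaching logs, chat, or command argument parsing.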