GitLab user guessing through /users/<user>/exists should be blockable

Summary

/users/$user/exists endpoint allows for unauthenticated user guessing.

Steps to reproduce

$ curl 'https://gitlab.com/users/maxenced/exists'
{"exists":true}

What is the current bug behavior?

The /exists endpoint is used by the sign-up page to check if a username already exists. I see 2 issues there:

  1. Even when registration is disabled in GitLab admin, the sign-up page is still available (but registration will be denied)
  2. The /users/$user/exists endpoint can be used without any limitation and can be used to guess existing users.

What is the expected correct behavior?

The sign-up page and /exists endpoint should provide an option to be fully blocked / return 404

Not sure if I should tag this as a security request, but just in case.

Edited by Sp4rKy
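
Until the endpoint can be blocked, operators can watch for the guessing pattern described in this issue in the reverse-proxy access log. The following is an added example, not part of the original issue or of GitLab's code: it flags clients that query /users/<user>/exists for many distinct usernames within a short window. The combined log format, the sample lines, the function name and the threshold and window values are all assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed combined-log-format line; only GETs to /users/<user>/exists are matched.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"GET /users/(?P<user>[^/\s?]+)/exists(?:\?\S*)? HTTP/[\d.]+" \d{3}'
)

# Constructed sample log (documentation IP ranges), in chronological order.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "GET /users/admin/exists HTTP/1.1" 200 15
198.51.100.7 - - [01/Jan/2024:10:00:02 +0000] "GET /users/root/exists HTTP/1.1" 200 16
203.0.113.20 - - [01/Jan/2024:10:00:02 +0000] "GET /users/maxenced/exists HTTP/1.1" 200 15
198.51.100.7 - - [01/Jan/2024:10:00:03 +0000] "GET /users/alice/exists HTTP/1.1" 200 16
192.0.2.44 - - [01/Jan/2024:10:00:03 +0000] "GET /users/sign_in HTTP/1.1" 200 9000
198.51.100.7 - - [01/Jan/2024:10:00:04 +0000] "GET /users/bob/exists HTTP/1.1" 200 16
203.0.113.20 - - [01/Jan/2024:10:00:04 +0000] "GET /users/maxenced2/exists HTTP/1.1" 200 16
192.0.2.44 - - [01/Jan/2024:10:00:05 +0000] "GET /users/carol/exists HTTP/1.1" 200 16
198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /users/carol/exists HTTP/1.1" 200 16
192.0.2.44 - - [01/Jan/2024:10:00:06 +0000] "GET /users/carol/exists HTTP/1.1" 200 16
198.51.100.7 - - [01/Jan/2024:10:00:06 +0000] "GET /users/dave/exists HTTP/1.1" 200 16
"""

def find_enumerators(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return {client_ip: peak distinct usernames probed inside one window}
    for clients that reach `threshold`. Lines must be in time order."""
    recent = defaultdict(deque)  # ip -> (timestamp, username) pairs still in window
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an /exists lookup
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append((ts, m["user"].lower()))
        while ts - q[0][0] > window:  # drop lookups older than the window
            q.popleft()
        distinct = len({user for _, user in q})  # repeats of one name count once
        if distinct >= threshold:
            flagged[m["ip"]] = max(flagged.get(m["ip"], 0), distinct)
    return flagged

if __name__ == "__main__":
    for ip, count in find_enumerators(SAMPLE_LOG).items():
        print(f"{ip}: {count} distinct usernames probed via /exists")
```

Counting distinct usernames rather than raw requests keeps a sign-up form that rechecks a name or two from being flagged.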