CaptchaChallengeService returns true if user is unknown
This changes CaptchaChallengeService's behavior so that it returns true instead of a 404 when checking a user that does not exist. This should prevent this endpoint from being used to scrape for valid email addresses.
Related to #359756
Edited by Paul Gascou-Vaillancourt