Email address enumeration in Commerce example templates #2237
thisisjamessmith started this conversation in General
@thisisjamessmith Thanks for the feedback, we will add some comments to the example templates, and possibly use the https://craftcms.com/docs/3.x/config/config-settings.html#preventuserenumeration setting to disable it in the template. Thanks.
I appreciate it's on your "non-qualifying vulnerabilities" list for security issues (https://github.com/craftcms/commerce/security/policy#non-qualifying-vulnerabilities), but the example templates provided in Commerce should probably try to avoid the user email enumeration trap, or at least make copy-pasters aware of the issue.
(To be more specific, the first step of the example store's checkout process asks for the user's email address, and different outputs are displayed depending on whether the user has an account, thereby allowing an attacker to establish that a given email address has an account).
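The enumeration trap described in the post, and one way a copy-paster can avoid it, as an added illustration that is not Commerce's own example template. It assumes the checkout step receives the shopper's address in a POST field named `email` (a hypothetical field name) and uses only standard Craft 3 Twig APIs (`craft.app.request`, `craft.users()`, `csrfInput()`, `actionInput()`) together with the `commerce/cart/update-cart` and `users/login` controller actions:

```twig
{# Added example, not Commerce's example template. Assumes the checkout step
   receives the shopper's email in a POST field named `email` (hypothetical
   field name); everything else is stock Craft 3 / Commerce Twig API. #}

{% set email = craft.app.request.getBodyParam('email') %}

{# Enumerating pattern: the page text differs depending on whether an account
   with this email exists, so any visitor can probe arbitrary addresses. #}
{% if email %}
    {% set existingUser = craft.users().email(email).one() %}
    {% if existingUser %}
        <p>Welcome back, {{ existingUser.friendlyName }}. Please log in to continue.</p>
    {% else %}
        <p>No account found for {{ email }}. You can continue as a guest.</p>
    {% endif %}
{% endif %}

{# Non-enumerating pattern: the template performs no existence lookup and
   renders the same copy and the same two forms regardless of whether an
   account exists. The shopper decides whether to log in or to continue as a
   guest; Craft's own users/login action reports a failed login with a generic
   invalid-credentials message rather than saying whether the email is known. #}
<form method="post" accept-charset="UTF-8">
    {{ csrfInput() }}
    {{ actionInput('commerce/cart/update-cart') }}
    <label>Email
        <input type="email" name="email" value="{{ email }}" required>
    </label>
    <p>Have an account? Log in below to use your saved details. Otherwise continue as a guest.</p>
    <button type="submit">Continue as guest</button>
</form>

<form method="post" accept-charset="UTF-8">
    {{ csrfInput() }}
    {{ actionInput('users/login') }}
    <input type="hidden" name="loginName" value="{{ email }}">
    <label>Password
        <input type="password" name="password" autocomplete="current-password">
    </label>
    <button type="submit">Log in</button>
</form>
```

The `preventUserEnumeration` config setting linked in the reply governs the responses of Craft's own forgot-password flow; it does not change what a template does with a `craft.users()` lookup it performs itself, so a template that branches on account existence, as in the first pattern above, still leaks regardless of that setting. The fix is to drop the existence check from the rendered page, as in the second pattern, and let the login action be the only place a credential is verified.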