NOTE: This work status is pending, depending upon the outcome of conversations with Security, as detailed in T237755.
As a product manager, I want to remove any notifications associated with incorrect or incomplete information on Special:PasswordReset, so that we can provide a more secure and private experience for users.
* If any user submits any information on Special:PasswordReset (i.e., data for username or email address), they should be redirected to the message screen
* This applies regardless of whether PRU is enabled, and regardless of whether the information entered is valid or invalid in the system
* Exception #1: If the user submits a username without characters accepted by Wikimedia, then they should be prevented from completing the form
* Exception #2: If the user submits an email address without the @ symbol or other basic requirements of email, then they should be prevented from completing the form