Stop sending `{}` to the `/api/auth/login` endpoint when the login form hasn't been touched.

Steps to reproduce:

**Note**: You will need to watch the traffic in a DOM inspector; this has no user-observable symptoms because there's presently no error reporting for the login form.

1. In a new private tab, visit the `/login` page of a Pilcrow instance.
2. **Without touching the username or password fields**, click `sign in`.

The client _should_ send a request to `/api/auth/login` with the following payload:

```json
{
  "name": "",
  "password": ""
}
```

However, it instead sends an empty payload, leading to a 422 Unprocessable Content response as the request is missing required fields. Subsequent requests, or any request after the user enters data in the input fields, are correctly serialized.

Merges login-form-nulls into main.

1 files changed, 2 insertions, 2 deletions

diff --git a/ui/lib/components/LogIn.svelte b/ui/lib/components/LogIn.svelte
index c49ea3b..b491583 100644
--- a/ui/lib/components/LogIn.svelte
+++ b/ui/lib/components/LogIn.svelte
@@ -1,8 +1,8 @@
 <script>
   let { legend = 'sign in', logIn = async (username, password) => {} } = $props();
 
-  let username = $state();
-  let password = $state();
+  let username = $state('');
+  let password = $state('');
   let disabled = $state(false);
 
   async function onsubmit(event) {