If the auth config variable, disable_login_form, is set to true then
the username and email fields are set to read-only on the profile page.

The reason for this is so that the user does not lock themselves out by
changing their email address or username. Or create a new user by
changing both.

ref #7810