How and why use validate_username and how to secure inputs fields of registration form?

I would use validate_username to protect username and other inputs from tags, octet, and others filters and conditions from sanitize_user but these functions only remove these dangerous chars and does not warn the user to not use these chars.

Does it exist a wordpress function of the same kind as validate_username that allow to warn and restrict user to use the same chars and conditions than those used in validate_username function ?

Could you help me to write a regex which fulfills the same conditions as validate_username to display error if one of conditions is positive.

And how I must do to add this regex |%([a-fA-F0-9][a-fA-F0-9])| to this one /^[A-Za-z0-9]$ / I don’t understand the use of | and / . In php.net this | is use to say "or" . For example this /^[A-Za-z0-9]$ / does not take into account octet (or exadecimal ?) as it define here : WordPress sanitize_user/

Knowing that hackers always discover solutions to hack what is to date the best solution to protect a registration and login form. If this last question is duplicate could you please post the link of existing response ?