I guess the question is: What kind of adversary knows H(username, discriminator) but not username and discriminator?

It's possible that the hash is just inherently disclosed by the server. At a minimum I presume that Alice can distinguish between "this Signal recipient exists on the server" vs not, which in the nickname setting is hash existence oracle. Dunno how the nicknames are hooked to their rate limit HSMs.