
Limit phone number re-use for verification

Open jldec opened this issue 2 years ago • 4 comments

Followup to #12258

Phone number verification would probably be more effective if it did not allow re-use of phone numbers across accounts. There appear to be services which provide low-friction re-usable phone numbers for circumventing verification.

jldec avatar Sep 12 '22 14:09 jldec

Have we checked our data if this would help?

svenefftinge avatar Sep 19 '22 09:09 svenefftinge

We could blacklist any phone numbers that have been used by blocked accounts.

svenefftinge avatar Sep 19 '22 12:09 svenefftinge

There are a couple of things we could, and I believe we should, do:

  1. Add a "Blocked phone numbers" tab to /admin, like we have for repositories, allowing numbers to be added, modified and deleted manually.
  2. Look for phone numbers used too many times and block all associated accounts.
  3. Automatically block a phone number when the user is blocked. And unblock when the user is unblocked.
  4. Stop deleting the phone number when the user deletes the account, guaranteeing we never use it for anything other than abuse mitigation purposes.
  5. Do not allow more than 3 verifications with the same phone number. More than that should require contacting support.

atduarte avatar Sep 20 '22 12:09 atduarte

> Do not allow more than 3 verifications with the same phone number. More than that should require contacting support.

This seems pretty reasonable and would catch a lot of cases automatically while avoiding some legitimate phone number reuse scenarios.

mbrevoort avatar Sep 20 '22 22:09 mbrevoort
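As an added example, not code from the Gitpod project or from anyone in this thread, here is one way the blocklist (item 1), the per-number limit (item 5) and the block/unblock coupling (item 3) from atduarte's list could be modelled in TypeScript, with only a salted hash of the number retained as item 4 suggests. The constants, class and method names are hypothetical, the limit is read as "at most 3 distinct accounts per number" (re-verification by an account that already used the number stays allowed), and digit-stripping stands in for proper E.164 parsing.

```typescript
import { createHash } from "crypto";

// Assumed for this example: the thread's limit of 3 accounts per number, and a per-deployment salt.
const MAX_ACCOUNTS_PER_NUMBER = 3;
const PHONE_HASH_SALT = "example-salt-replace-per-deployment";

type Decision = { allowed: true } | { allowed: false; reason: "blocked" | "limit-reached" };

class PhoneVerificationPolicy {
  private blockedNumbers = new Set<string>();             // item 1: blocklist of number fingerprints
  private blockedUsers = new Set<string>();
  private usersByNumber = new Map<string, Set<string>>(); // fingerprint -> accounts verified with it
  private numbersByUser = new Map<string, Set<string>>(); // account -> fingerprints

  // Item 4: retain only a salted hash of the digits, so the kept record serves matching and nothing else.
  // Stripping non-digits collapses "+1 (555) 010-0000" and "15550100000"; real code should parse to E.164.
  static fingerprint(raw: string): string {
    const digits = raw.replace(/\D/g, "");
    return createHash("sha256").update(PHONE_HASH_SALT + digits).digest("hex");
  }

  // Item 5: refuse when the number is blocked or already tied to 3 other accounts.
  canVerify(userId: string, phone: string): Decision {
    const fp = PhoneVerificationPolicy.fingerprint(phone);
    if (this.blockedNumbers.has(fp)) return { allowed: false, reason: "blocked" };
    const users = this.usersByNumber.get(fp) ?? new Set<string>();
    if (!users.has(userId) && users.size >= MAX_ACCOUNTS_PER_NUMBER) return { allowed: false, reason: "limit-reached" };
    return { allowed: true };
  }

  recordVerification(userId: string, phone: string): Decision {
    const decision = this.canVerify(userId, phone);
    if (!decision.allowed) return decision;
    const fp = PhoneVerificationPolicy.fingerprint(phone);
    if (!this.usersByNumber.has(fp)) this.usersByNumber.set(fp, new Set<string>());
    this.usersByNumber.get(fp)!.add(userId);
    if (!this.numbersByUser.has(userId)) this.numbersByUser.set(userId, new Set<string>());
    this.numbersByUser.get(userId)!.add(fp);
    return decision;
  }

  // Item 3: blocking an account blocks its numbers; unblocking releases a number only when no other blocked account shares it.
  setUserBlocked(userId: string, blocked: boolean): void {
    if (blocked) this.blockedUsers.add(userId); else this.blockedUsers.delete(userId);
    for (const fp of this.numbersByUser.get(userId) ?? []) {
      const stillBlocked = Array.from(this.usersByNumber.get(fp) ?? []).some((u) => this.blockedUsers.has(u));
      if (stillBlocked) this.blockedNumbers.add(fp); else this.blockedNumbers.delete(fp);
    }
  }
}
```

Because `recordVerification` never removes entries, deleting an account leaves the number's fingerprint and its account links in place, which is the retention behaviour item 4 asks for.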