
Two-way email address verification

Status: Open. Changaco opened this issue 8 months ago • 0 comments

The traditional method of verifying an email address is to send a message to it. The problem is that this is easily abused by inputting someone else's email address. Originally there was no other way to confirm an email address, but nowadays most email messages are cryptographically signed and their points of origin can be checked, so instead of asking a user to input their email address, we could first ask them to send a message to a “virtual” email address we control, then reply with a more traditional message containing a randomly generated secret. This could:

  • fix #61 entirely instead of merely mitigating it
  • block “fake” email addresses which can only be used to receive or send messages
  • eliminate the problem of mistyped email addresses (#1255)
  • be immediately effective, as opposed to the previous idea in #1687

The problems are:

  • people aren't used to it, so it would be criticized as too complicated no matter how well we explain it
  • the user's browser may not know which application to open when a button to send an email is clicked
  • the verification would fail if a legitimate message has a seemingly invalid signature or point of origin due to technical errors, which a normal user can't do much about

Also, DKIM signatures aren't quantum-resistant yet, but this isn't really a problem.

Like #2290, this could be built using Cloudflare's Email Routing.

Changaco, Oct 31 '23 19:10
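The flow proposed in the issue, as an added example that is not Liberapay's code: a message sent to the virtual address is accepted only when the trusted receiving MTA reports a passing DKIM verdict whose signing domain aligns with the From domain, and only then is a one-time secret generated for the traditional reply. The MTA name, the Authentication-Results header contents and the sample message are constructed assumptions.

```python
import email
import hashlib
import re
import secrets
from email.message import EmailMessage
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.example.net"  # assumption: authserv-id of our inbound MTA
# Constructed sample message, as delivered after the trusted MTA has checked
# DKIM/SPF and recorded its verdict in Authentication-Results (not a real one).
INBOUND = """\
From: Alice <alice@example.org>
To: verify@virtual.example.net
Authentication-Results: mx.example.net; dkim=pass header.d=example.org; spf=pass smtp.mailfrom=example.org

hello
"""

def authenticated_sender(raw):
    """Return the From address if our MTA reports dkim=pass and the signing
    domain aligns with the From domain; otherwise return None."""
    msg = email.message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    if "@" not in addr:
        return None
    from_domain = addr.rsplit("@", 1)[1].lower()
    # A sender can include an Authentication-Results header of their own, so
    # only the one carrying our MTA's authserv-id is trusted.
    for ar in msg.get_all("Authentication-Results", []):
        authserv, _, results = ar.partition(";")
        if authserv.strip() != TRUSTED_AUTHSERV:
            continue
        m = re.search(r"dkim=pass\b.*?header\.d=([\w.-]+)", results)
        if not m:
            return None
        d = m.group(1).lower()
        # Relaxed alignment: signing domain equals the From domain or a parent of it.
        return addr if d == from_domain or from_domain.endswith("." + d) else None
    return None

def issue_challenge(addr):
    """Build the reply carrying a one-time secret; return it with the SHA-256 digest to store."""
    secret = secrets.token_urlsafe(32)
    reply = EmailMessage()
    reply["From"] = "verify@virtual.example.net"
    reply["To"] = addr
    reply["Subject"] = "Confirm your email address"
    reply.set_content("Enter this code to finish verification: " + secret)
    return reply, hashlib.sha256(secret.encode()).hexdigest()
```

This only holds if the receiving MTA strips any pre-existing Authentication-Results header that claims its own authserv-id, as RFC 8601 requires; the secret itself is returned only for sending, while the stored digest is what the later code entry is compared against.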