In order to mitigate against MUAs previewing URLs, move the token
verification flow to a POST handler, and add a new GET handler
which returns a form requiring the user to click an additional time
in order to verify their address.
The returned form also carries some JavaScript which will attempt to
do this for the user, meaning the experience for the user should be
almost exactly as before, while mitigating MUA previews.
Closes: #53
Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
Vincent Breitmoser