Hash stored emails for storage

[victorb]

There is no need for us to actually keep the emails as plaintext as we'll be sending out no newsletter or other junk. The only time we send emails to the user it's because the user entered the email and wants to receive something now (like login codes).

Something like passing $salt+$email through sha256sum should do the trick.

See https://blog.klungo.no/2020/11/01/you-might-not-need-to-store-plaintext-emails/ for more details