users: move emails to separate table.

* Move emails from users table to email_addresses table.
* Validate that addresses are formatted correctly and are unique across
  users. Existing invalid emails are grandfathered in.
* Add is_verified flag (the address has been confirmed by the user).
* Add is_deliverable flag (an undeliverable address is an address that bounces).
* Normalize addresses to prevent registering multiple accounts with the
  same email address (using tricks like Gmail's plus addressing).

app/controllers/password_resets_controller.rb

@@ -3,10 +3,15 @@ class PasswordResetsController < ApplicationController
 
   def create
     @user = User.find_by_name(params.dig(:user, :name))
-    UserMailer.password_reset(@user).deliver_later
 
-    flash[:notice] = "Password reset email sent. Check your email"
-    respond_with(@user, location: new_session_path)
+    if @user.can_receive_email?
+      UserMailer.password_reset(@user).deliver_later
+      flash[:notice] = "Password reset email sent. Check your email"
+      respond_with(@user, location: new_session_path)
+    else
+      flash[:notice] = "Password not reset. This account does not have a valid, verified email address"
+      respond_with(@user)
+    end
   end
 
   def show