* Fix#1997 (allow the use of an external file for the email blacklist)
* Change config key names for blacklist (compatibility break)
* Accept globs rather than regexes for blacklist by default
* Blacklist comparison is now case-insensitive
* Add email-based password reset
Fixes#734
* rename SETPASS to RESETPASS
* review fixes
* abuse mitigations
* SENDPASS and RESETPASS should both touch the client login throttle
* Produce a logline and a sno on SENDPASS (since it actually sends an email)
* don't re-retrieve the settings value
* add email confirmation for NS SET EMAIL
* smtp: if require-tls is disabled, don't validate server cert
* review fixes
* remove cooldown for NS SET EMAIL
If you accidentally set the wrong address, the cooldown would prevent you
from fixing your mistake. Since we touch the registration throttle anyway,
this shouldn't present more of an abuse concern than registration itself.