Allow secondary emails to be verified
Secondary emails on GitLab are currently not verified; we don't send a verification email and don't know if the email actually belongs to the user in question.
We currently only use them to link commits to users based on the commit's author email, so this is not much of a problem. However, now that we have have GPG verification of commits, we'd like this to also work when the signature's email is one of the user's secondary emails, rather than their primary/verified one. Before we can do this, we need to allow the verification of secondary emails, since we can only verify that a commit and signature belong to the a certain user if we have also verified that the email in the signature and commit actually belongs to them. See #36959 (closed).