Do not include unverified emails in searches when trying to identify commits

Summary

A user reported commits in their repo being identified as the incorrect GitLab user due to the commit author email being set as commonfirstname@commonfirstnames-MacBook-Pro.local. Error-prone and invalid addresses, such as those ending with .local or .example, or those with otherwise invalid domain names, will be unable to receive a verification email.

ZD ticket (GitLab internal): https://gitlab.zendesk.com/agent/tickets/120202

Steps to reproduce

  1. From one GitLab account, commit and push to a repository with author set to sasha@sashas-MacBook-Pro.local.
  2. From another account, add sasha@sashas-MacBook-Pro.local. It can't be verified via email since .local will be undeliverable.
  3. The commit created in Step 1 will be identified as the user in Step 2.

What is the current bug behavior?

The user that registered the common, generated email address will show up as the author of commits across GitLab. When this happens in private projects, it appears to be suspicious activity at first glance.

What is the expected correct behavior?

It should appear as commits do when no GitLab user can be found.

Output of checks

This bug happens on GitLab.com.

Possible fixes

Unverified emails should not be included when searching for users to identify commit authors.
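
The lookup described above, sketched as an added example (not GitLab's code): the current behaviour, where any registered address can claim a commit, beside the proposed verified-only lookup. The class, method and field names, the sample records and the case-insensitive comparison are all assumptions made for illustration.

```ruby
# Added illustration; not GitLab's implementation. All names are hypothetical.

# One email attached to an account. confirmed_at stays nil until the
# verification link sent to the address has been followed.
EmailRecord = Struct.new(:address, :username, :confirmed_at) do
  def confirmed?
    !confirmed_at.nil?
  end
end

class CommitAuthorResolver
  def initialize(records)
    @records = records
  end

  # Behaviour described in the report: any registered address matches,
  # so an undeliverable .local address can claim other people's commits.
  def resolve_including_unverified(author_email)
    find(author_email) { |_record| true }
  end

  # Proposed behaviour: only confirmed addresses may identify an author.
  # Returns nil when no verified match exists, so the commit is shown
  # as it is when no GitLab user can be found.
  def resolve_verified_only(author_email)
    find(author_email, &:confirmed?)
  end

  private

  # Assumption: addresses are compared case-insensitively.
  def find(author_email)
    wanted = author_email.to_s.strip.downcase
    match = @records.find { |r| r.address.downcase == wanted && yield(r) }
    match&.username
  end
end

# Constructed sample data: an unverifiable address added by a second
# account, and a confirmed address on a constructed domain.
SAMPLE_RECORDS = [
  EmailRecord.new("sasha@sashas-MacBook-Pro.local", "other-account", nil),
  EmailRecord.new("sasha@company.example", "sasha", Time.utc(2019, 1, 1))
].freeze
```
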