send mail on repeated hkp upload

Context: We don't generally send out verification emails when keys are uploaded via the hkp /pks/add endpoint. The reason is that gpg --send-keys is traditionally used to upload keys of other people for WoT workflows, and unsolicited emails will make people angry at us :) As one exception, when we see a key for the first time via this upload, we'll send a "welcome" email, based on the assumption that it's a freshly generated key that's being uploaded by its owner.

This MR adds a second exception, where if the same key is uploaded twice within a ratelimit timespan, and there are unpublished email addresses left, we'll send an "upload" email (similar to the welcome email) to its primary address.

The reason this came up is because the pks/add endpoint has an access pattern of repeated uploads from the same ip within a few minutes that comes up significantly often (I didn't run statistics, but I'd say almost half of pks/add access?). It's not a complete solution, obviously, but it should cover another few cases that ended up as support emails. I didn't document this feature, and I'm not sure we should due to its heuristic nature ("in gpg4win, hit upload twice to get the email").