  • Check a user owns the email they are trying to unsubscribe (CVE-2021-40347) · 3d880c56
    legoktm authored
    The list unsubscribe/ endpoint now performs validation that the user
    making the request owns the email address they have requested be
    unsubscribed. Without this check, any logged-in user could unsubscribe
    any other email address from any list, also leaking whether that address
    was subscribed in the first place.
    
    Closes #531.
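
The ownership check this commit message describes, as an added example that is not code from the commit or the project. The names `User`, `unsubscribe`, `unsubscribe_unchecked` and the sample addresses are hypothetical, and the store is assumed to keep addresses lower-cased. The check runs before any subscription lookup, so a request for someone else's address gets the same answer whether or not that address is subscribed.

```python
from dataclasses import dataclass, field


@dataclass
class User:
    """Hypothetical logged-in user and the addresses they have verified."""
    name: str
    verified_emails: set = field(default_factory=set)


def normalize(email):
    # Assumption: the subscription store keeps addresses lower-cased.
    return email.strip().lower()


def _remove(list_id, target, subs):
    """Remove target from the list; the status reflects prior membership."""
    members = subs.get(list_id, set())
    if target not in members:
        return 404, "Address is not subscribed to this list."
    members.discard(target)
    return 200, "Unsubscribed."


def unsubscribe_unchecked(list_id, email, subs):
    """Pre-fix behaviour as the message describes it: no ownership check,
    so any caller can remove any address and learn if it was subscribed."""
    return _remove(list_id, normalize(email), subs)


def unsubscribe(user, list_id, email, subs):
    """Post-fix behaviour: verify ownership first, then touch the list."""
    target = normalize(email)
    owned = {normalize(e) for e in user.verified_emails}
    if target not in owned:
        # Same response for subscribed and unsubscribed foreign addresses.
        return 403, "You can only unsubscribe your own address."
    return _remove(list_id, target, subs)


if __name__ == "__main__":
    # Constructed sample data.
    subs = {"dev": {"alice@example.org", "bob@example.org"}}
    mallory = User("mallory", {"mallory@example.org"})
    print(unsubscribe(mallory, "dev", "bob@example.org", subs))
    print(unsubscribe(mallory, "dev", "nobody@example.org", subs))
```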