Allow list owners to change addresses

It is unlikely that a merge request to implement this RFE will ever be allowed, for the following reasons. I'm posting this and leaving it open because it's frequently requested. But if you have ideas about how to prevent enough exploits to make it worth installing, be my guest.

Conceptually simple, but exposes various vulnerabilities to "social engineering" because list administrators are frequently not sophisticated.

The fundamental problem is that Users own Addresses, so it's necessary to authenticate the User, not the Address. But the usual send OTK to verify the requester owns the Address doesn't work if the request claims that the old Address is now invalid.

A second problem is that if the Address is used for multiple subscriptions, the User probably wants them all changed. If the list administrator is trusted to update a User, this may be OK. (Lots of "probably" there ....)