enable "User-Agent" header only with consent

Currently, all outgoing messages include a "User-Agent:" header by default.

This was implemented in an age when the internet was a different place. RFC 7258 states that "Pervasive Monitoring Is an Attack":

Pervasive Monitoring is widespread (and often covert) surveillance through intrusive gathering of protocol artefacts, including application content, or protocol metadata such as headers.

This is not only theoretical: People are in jail because multiple personas have been linked with the help of version headers in emails - specifically OpenPGP version headers.

The OpenPGP community has responded by disabling version headers by default across the ecosystem: GnuPG, GPGTools, SKS keyserver, LibTMCG.

Many MUAs have also disabled the "User-Agent" header by default: notmuch, Enigmail, GPGTools.

I propose to change the default value of user_agent to no. Of course it can still be enabled for debugging, vanity or fun - but with explicit user consent.