Add a confirmation step when a user changes their own email address in their profile.

Currently there is no process and any new email address is accepted.

I think we could do it like this instead:

• User edits profile and submits form
• If email is different then:
• Do NOT update the real profile email yet.
• Save that new email in a user preference together with a random key.
• Send an email to the NEW address with instructions and a link containing the secret key.
  eg http://moodle.org/user/emailchange.php?id=y73nj3bh3b3m7678bbhbhbhbh3bh34
• User finds the email, clicks the link, and a script:
• verifies the secret key,
• changes the profile email to the new one and
• deletes the user preference