Users email can be changed without verification
Mavenlink
Team Summary
Official summary from Mavenlink
A user API endpoint that accepts updates for user profile information also accepts an email address field. The researcher found a bug where a previously verified email address could be updated via this endpoint but would not be marked as unverified. This endpoint still accepts email address changes but now also ensures that any email address record that was previously verified loses its verified status upon update.
Reported by
tolo7010
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Weakness
Business Logic Errors
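
The logic flaw and the fix described in the team summary, as an added sketch that is not Mavenlink's code: a profile-update handler that leaves the verified flag untouched when the address changes, next to one that clears it. The `User` and `EmailRecord` types, the function names, and the rule that resubmitting the same address keeps its verified status are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass
class EmailRecord:
    address: str
    verified: bool = False


@dataclass
class User:
    name: str
    email: EmailRecord


def _normalize(address: str) -> str:
    # Compare addresses case-insensitively and without stray whitespace.
    return address.strip().lower()


def update_profile_vulnerable(user: User, fields: dict) -> User:
    """Pre-fix behaviour: the address changes, the verified flag is carried over."""
    if "name" in fields:
        user.name = fields["name"]
    if "email" in fields:
        user.email.address = _normalize(fields["email"])  # flag left as it was
    return user


def update_profile_fixed(user: User, fields: dict) -> User:
    """Post-fix behaviour: a changed address always starts out unverified."""
    if "name" in fields:
        user.name = fields["name"]
    if "email" in fields:
        new_address = _normalize(fields["email"])
        # Assumption: resubmitting the current address is a no-op and keeps its status.
        if new_address != _normalize(user.email.address):
            user.email.address = new_address
            user.email.verified = False  # must be re-verified before it is trusted
    return user


def demo(handler, new_email: str) -> EmailRecord:
    # Constructed sample account whose address was verified earlier.
    user = User("Sample User", EmailRecord("owner@example.com", verified=True))
    return handler(user, {"email": new_email}).email


if __name__ == "__main__":
    print("vulnerable:", demo(update_profile_vulnerable, "other@example.org"))
    print("fixed:     ", demo(update_profile_fixed, "other@example.org"))
```

Any feature that treats a verified address as proof of mailbox ownership should read the flag only after an update path like the second one has run.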