Email addresses exposed in getPersonBySlug API
Team Summary
Official summary from Semmle
This researcher pointed out that the `getPersonBySlug` method in the internal API (the API which our frontend code uses to retrieve data from the system) exposed the email addresses of users who had connected Google accounts to their LGTM accounts. Since this API method does not check any authorization, this constituted an unintended disclosure of this data. An example was provided including the email address of another account. Semmle fixed the problem by restricting the type of account identifiers that were exposed by this API: the frontend code did not make any use of this information. It was subsequently concluded that this error had been introduced approximately one month before the date of the report. Affected users have been informed by email.
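The flaw described above, modelled as an added example (not Semmle's or LGTM's code): an unauthenticated lookup handler that serialises a person record wholesale, beside a fixed version that, like the reported remediation, keeps the endpoint open but only returns the identifier types the frontend renders. The record layout, the `identifierType` values, the function names and the sample data are assumptions made for illustration.

```javascript
// Added example (not Semmle's/LGTM's code): a minimal model of the
// getPersonBySlug disclosure. Record layout, identifier types, function
// names and sample data are assumptions made for illustration.
'use strict';

// Constructed sample backend data: a person with external accounts
// connected to their LGTM account.
const PEOPLE = [
  {
    slug: 'alice',
    displayName: 'Alice Example',
    connectedAccounts: [
      { provider: 'github', identifierType: 'username', value: 'alice-gh' },
      { provider: 'google', identifierType: 'email', value: 'alice@example.com' },
    ],
  },
];

function findPersonBySlug(slug) {
  return PEOPLE.find((p) => p.slug === slug) || null;
}

// Vulnerable: any caller can supply any slug (no authorization check), and
// the handler serialises the whole record, so the email address stored as
// the Google account identifier is returned to every caller.
function getPersonBySlugVulnerable(slug) {
  const person = findPersonBySlug(slug);
  if (!person) return { status: 404 };
  return { status: 200, body: JSON.parse(JSON.stringify(person)) };
}

// Fixed, in the spirit of the remediation in the summary: the endpoint stays
// unauthenticated (the frontend uses it for public profile data), but only
// identifier types the frontend actually uses are exposed. Email is not one
// of them, so it is dropped server-side rather than merely hidden by the UI.
const PUBLIC_IDENTIFIER_TYPES = new Set(['username']);

function toPublicPerson(person) {
  return {
    slug: person.slug,
    displayName: person.displayName,
    connectedAccounts: person.connectedAccounts
      .filter((a) => PUBLIC_IDENTIFIER_TYPES.has(a.identifierType))
      .map((a) => ({ provider: a.provider, identifierType: a.identifierType, value: a.value })),
  };
}

function getPersonBySlugFixed(slug) {
  const person = findPersonBySlug(slug);
  if (!person) return { status: 404 };
  return { status: 200, body: toPublicPerson(person) };
}

// Check a response body for email-shaped strings: the kind of check a tester
// would run against the live endpoint to confirm (or rule out) the leak.
function containsEmail(obj) {
  return /[^\s"@]+@[^\s"@]+\.[^\s"@]+/.test(JSON.stringify(obj));
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(JSON.stringify(getPersonBySlugVulnerable('alice').body, null, 2));
  console.log(JSON.stringify(getPersonBySlugFixed('alice').body, null, 2));
}
```

The point of the fixed version is an allow-list on the server side: because the endpoint is reachable without authorization, every field the serialiser emits is public by definition, so the response must be reduced to what the frontend needs rather than relying on the client to ignore the rest.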
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Bounty: $500.00