Email Verification

1. Every registration creates a user whose email is not verified by default.
2. After registration, create a signed JWT with `exp` set to 5 minutes. Send a link `https://<api-url>/verify/{jwt}` via an SMTP service where `jwt` is the one just created.
3. Listen for `GET` requests at endpoint `/verify/{jwt}`, set `verified` = `true` for the `userId` encoded in the JWT once the JWT is verified. 