This can be done trough the API for the current user, or on the
profile page.

This is in preparation for modifying importers to assign e-mails for
only confirmed emails.

Signed-off-by: Rémy Coutable <remy@rymai.me>

ObjectStore uploader requires presence of associated `uploads` record
when deleting the upload file (through the carrierwave's after_commit
hook) because we keep info whether file is LOCAL or REMOTE in `upload`
object.

For this reason we can not destroy uploads as "dependent: :destroy" hook
because these would be deleted too soon. Instead we rely on
carrierwave's hook to destroy `uploads` in after_commit hook.

But in before_destroy hook we still have to delete not-mounted uploads
(which don't use carrierwave's destroy hook). This has to be done in
before_Destroy instead of after_commit because `FileUpload` requires
existence of model's object on destroy action.

This is not ideal state of things, in a next step we should investigate
how to unify model dependencies so we can use same workflow for all
uploads.

Related to #45425

When terms are enforced, but the user has not accepted the terms
access to the API & git is rejected with a message directing the user
to the web app to accept the terms.

Closes #37462.

Removes permanent redirects, this means that redirects will only be
possible as long as the old route isn't taken by a new project/group.

Closes #40525.

With Geo, attempting to view an endpoint with a user could result in an
Error 500 since Devise attempts to update the last sign-in IP and other
details.

Closes gitlab-org/gitlab-ee#4972

As per the discussion with @psimyn, this change does not affect the frontend, so user input will not be validated on the signin screen.

Instead, the value sent to the backend has leading and trailing whitespace stripped before looking up the user with find_by.

Closes #42637

Removing last_sign_in_at in specs

Fixes #32282.