Description of problem:
Users must verify their email address before performing any operations in the system. Users with unverified email addresses should be able to perform non-destructive reversible operations that do not have the capacity to harass other users.
allow signup process to complete without verifying email address
show a message at the top of the page warning that email is not verified. The message is shown until email is verified.
If user clicks "re-send activation email" several times (3 times), detect this and either offer to contact the admins, or automatically contact admins in the background.
show "(unverified)" next to username so that language coordinators can tell if someone is verified when they are adding a user to their team.
block funcitons that send emails such as contact admin, request to join language team, contact language team coordinators. This could be done by adding a role such as "email_verified" that is required to perform operations that send emails.
to allow data into the system from unverified users, we need a way to identify and remove data from a user who turns out to be malicious.