Lemmy resend-verification endpoint exposes registered email addresses to unauthenticated users