Big change to mailing list subscription/unsubscription!
The old confirmation method involved generating a confirmation token
during the first opt, which was mailed to the user and saved to disk
so they could confirm it in the second opt. In the new code, the
token can be re-generated persistently by the server using a
combination of the email address, the room name, and a host key that
is known only to the site operator (stored in the config db). So
there is no longer a need to store the pending request, and the
confirmation links are valid forever (and reusable!).
Aside from being algorithmically nifty, this will also give us the
ability to implement "one click unsubscribe" in the near future.