We need tokens to verify control over email addresses (see #388).
- be tied to an email-address (or account?),
- be hard to guess,
- have a lifetime,
- have a date (in order to prevent too many repeated requests per time slot).
- Do we need a keyword to request tokens?
- Do we need the possibility to generate tokens for email addresses that are not subscribed at all? (Could make sense if we would also provide the option to upload a key to an account, so admins can "pluck" a key from the account if they subscribed the email address.)