Add email verification validation

[moshfeu]

Currently we don't check whether the email / account is verified so we treat unverified like they verified. We should check that and make the whole flow works

• Users shouldn't be able to access authenticated features and methods until they verified. Every blocked api should respond with status 403 or 405 (we should decide)
• Users should be able to request to resend a verification email.

Resources

• https://developer.mozilla.org/en-US/docs/Web/HTTP/Status#client_error_responses
• https://auth0.com/docs/users/verify-emails