Closed fluffy-critter closed 3 years ago
On second thought, having a centralized blacklist configuration would be preferable, since there might be a desire to also domain-block IndieAuth (e.g. commentpara.de or other bad-actor sites) or Fediverse (poor-reputation instance servers) and so on.
But thinking of it that way makes me realize that this does, in fact, belong in the application, not in Authl, and it should be up to the application to not start the authentication flow on blacklisted domains (solving the concern raised in the original issue).
It's probably a good idea to allow the email handler to deny certain addresses, e.g. `mailinator.com` or other such providers. Maybe have an `EMAIL_BLOCK_ADDRESSES` config value which takes a list of globs or regexes or something?

Normally this should be up to the application itself, but the fact that emails get sent/validated outside of the application means there might be a reason someone would want to prevent the emails from being sent/allowed in the first place.
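The following is an added example, not code from Authl or from the issue author, showing how an application could enforce the kind of `EMAIL_BLOCK_ADDRESSES` list discussed above before it ever starts the email authentication flow (the closing comment's position). It assumes a convention of my own: entries prefixed with `re:` are regular expressions, entries containing `@` are `fnmatch`-style globs over the whole address, and bare entries such as `mailinator.com` are domains that also cover their subdomains. Matching is case-insensitive and anchored to the full address so that `mailinator.com` does not accidentally block `notmailinator.com`.

```python
import fnmatch
import re
from typing import Iterable, List, Pattern

# Hypothetical config value, in the shape the issue proposes. Constructed for
# this example; the "re:" prefix and bare-domain rules are this example's own
# convention, not anything Authl defines.
EMAIL_BLOCK_ADDRESSES = [
    "mailinator.com",            # bare domain: blocks the domain and subdomains
    "*@*.example.test",          # glob over the whole address
    r"re:.*\+spam@.*",           # regex, matched case-insensitively
]


def compile_block_patterns(patterns: Iterable[str]) -> List[Pattern[str]]:
    """Turn the config list into anchored, case-insensitive regexes."""
    compiled: List[Pattern[str]] = []
    for raw in patterns:
        pat = raw.strip()
        if not pat:
            continue
        if pat.startswith("re:"):
            compiled.append(re.compile(pat[3:], re.IGNORECASE))
        elif "@" in pat:
            # fnmatch.translate yields a regex anchored at the end (\Z); we
            # lowercase both pattern and address to keep matching case-insensitive.
            compiled.append(re.compile(fnmatch.translate(pat.lower())))
        else:
            # Bare domain: block exactly that domain and any subdomain of it.
            domain = pat.lower().lstrip("@")
            compiled.append(re.compile(fnmatch.translate("*@" + domain)))
            compiled.append(re.compile(fnmatch.translate("*@*." + domain)))
    return compiled


def is_blocked(address: str, compiled: List[Pattern[str]]) -> bool:
    """True if the address must not be allowed to start the email flow."""
    addr = address.strip().lower()
    if addr.count("@") != 1:
        # Refuse anything that is not a plain local@domain address rather than
        # guessing which part is the domain.
        return True
    return any(p.fullmatch(addr) is not None for p in compiled)


def may_start_email_login(address: str,
                          patterns: Iterable[str] = EMAIL_BLOCK_ADDRESSES) -> bool:
    """Gate the application would call before handing the address to the email handler."""
    return not is_blocked(address, compile_block_patterns(patterns))


if __name__ == "__main__":
    for candidate in ("alice@mailinator.com", "carol@notmailinator.com",
                      "erin+spam@gmail.com", "erin@gmail.com"):
        print(candidate, "->", "blocked" if not may_start_email_login(candidate) else "ok")
```

Compiling the list once at startup (rather than on every login attempt, as the convenience wrapper above does) is the obvious refinement; the important property is that the decision happens in the application before any verification email is sent, so a blocked domain never receives mail at all.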