Allow unverified accounts to be authenticated for a limited amount of time.

[vinneyk]

In the instance you want to require account verification but you want to allow new users to gain access to the website right away, without the need to wait for an activation email, this feature enables developers to open a temporary window of access. This feature is inspired by Slack's account onboarding procedure which gives new users a window of 3 days to activate their account.

Note, however, that setting the new AllowUnverifiedAccountsWindow configuration setting will override the VerificationKeyLifetime setting to match. It doesn't seem to make sense that you'd have a verification key which expired before the verification window was closed but I would likely concede if that was deemed be too aggressive.

All tests are passing. I took the liberty of bumping the NuGet versions.

[vinneyk]

I'm retracting my PR because it does not handle the AuthenticationService.SignIn which is really where it was needed.