Update mail dependency

[jessieay]

• V 2.5.4 raises security advisory: Title: Mail Gem for Ruby vulnerable to SMTP Injection via recipient email addresses Solution: upgrade to >= 2.6.0
• others have implemented this in forks
• eg https://github.com/anjinfan/savon-multipart/commit/d8ee7bb724133a2819b3a25c5c3ce71e65d41f82

[tjarratt]

Sorry for the terribly long delay in merging this @jessieay -- I hadn't been aware of this issue. I was aware last year that this version of the mail gem was horribly outdated.

My gut tells me that Savon users probably weren't affected by this vulnerability, based on what we actually do with the Mail gem, but anyone wanting to use the Mail gem for, you know, actual mail purposes, (which, for all I know, could be every single Savon-Multipart user!) would certainly be affected.

This is probably going to leave some of our tests in a horribly broken state, but it's probably better to do this than to let the issue as is.

Thanks for issuing the pull request!