sillsdev / languageforge-lexbox

Language Forge / Language Depot unification project
MIT License

a user getting multiple invite emails is only able to click on one of them #584

Open hahn-kev opened 7 months ago

hahn-kev commented 7 months ago

per https://github.com/sillsdev/languageforge-lexbox/pull/567#discussion_r1491276240 this could happen but right now would get lost. But it's out of scope for that PR.

Bug: If a user is invited to multiple projects (or orgs) then they would only be able to click on one of those links, then the rest will not work correctly.

Solution: Users should be able to click on the links in other emails, the backend will detect that they already have an account and add them to the project/org in the invite email. We don't want to send them to the user registration page in this case.

myieye commented 7 months ago

2 theoretical scenarios that could break an invite link:

rmunn commented 3 weeks ago

Besides fixing this, #1043 also checks that the email address in the invitation link matches the email address in the JWT. Without that check, someone who manages to get access to an email invitation that isn't theirs (perhaps by persuading the genuine recipient to forward the email to them) could easily rewrite the URL in the invite link to include their email address. We verify that the JWT is genuine, but then we trust the email address from RegisterAccountInput without validating it. So #1043 closes that hole.
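As an added illustration (not LexBox's own code, which is not shown in this issue), the following Python sketch performs the check rmunn describes, verifying the invite JWT and refusing to proceed when the email submitted with the registration form does not match the address the token was issued for, and then takes the existing-account branch from the original report. The HS256 key, the `email`/`project` claim names, `make_invite_jwt` and `accept_invite` are assumptions for the demo.

```python
import base64, hashlib, hmac, json

# Constructed demo key; a real server uses its configured JWT signing secret.
SIGNING_KEY = b"demo-secret-not-for-production"

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def _b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def make_invite_jwt(email: str, project_code: str) -> str:
    """Mint an HS256 invite token that binds the invited address (demo helper)."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps({"email": email, "project": project_code}).encode())
    sig = hmac.new(SIGNING_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"

def verify_invite_jwt(token: str) -> dict:
    """Check the signature and algorithm, then return the claims; raise on tampering."""
    try:
        header, payload, sig = token.split(".")
    except ValueError:
        raise ValueError("malformed token")
    expected = hmac.new(SIGNING_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        raise ValueError("bad signature")
    if json.loads(_b64url_decode(header)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    return json.loads(_b64url_decode(payload))

def accept_invite(token: str, submitted_email: str, existing_accounts: set[str]) -> str:
    """Decide what an invite link does and report the action taken.

    The address submitted with the form (the RegisterAccountInput email) is only
    honoured when it equals the address inside the signed token; otherwise a valid
    token forwarded to someone else could be replayed with a rewritten URL.
    Emails are compared case-insensitively (an assumption of this demo)."""
    claims = verify_invite_jwt(token)
    invited = claims["email"].casefold()
    if invited != submitted_email.strip().casefold():
        raise PermissionError("invite email does not match submitted email")
    if invited in {a.casefold() for a in existing_accounts}:
        # Already registered: skip the registration page and just grant membership.
        return f"added existing user {claims['email']} to {claims['project']}"
    return f"registered {claims['email']} and added to {claims['project']}"
```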