Improve validation of email registration tokens
Embed the sender's account identifier into the token. If a user is not correctly signed in to Gerrit Code Review when they try to verify the token, the address will not be verified. This may be useful in web authentication cases where the user signed out of the sending account in order to sign in to read the email of the destination account. Also decrease the default token age from 5 days to 12 hours. If a user doesn't validate the link quickly, it isn't really useful to allow it to remain out there. Email addresses may change hands within 5 days (e.g. domain re-register or site admin shifting users around) but they are less likely to shift hands in 12 hours. Change-Id: I36fe2bdf8fbe0afec1c80f129c598a1f47d537dc
@@ -29,6 +29,7 @@ import com.google.gerrit.server.contact.HttpContactStoreConnection;
|
||||
import com.google.gerrit.server.git.LocalDiskRepositoryManager;
|
||||
import com.google.gerrit.server.git.PushReplication;
|
||||
import com.google.gerrit.server.git.WorkQueue;
|
||||
import com.google.gerrit.server.mail.SignedTokenEmailTokenVerifier;
|
||||
import com.google.gerrit.server.mail.SmtpEmailSender;
|
||||
import com.google.gerrit.server.schema.DataSourceProvider;
|
||||
import com.google.gerrit.server.schema.DatabaseModule;
|
||||
@@ -185,6 +186,7 @@ public class WebAppInitializer extends GuiceServletContextListener {
|
||||
modules.add(new WorkQueue.Module());
|
||||
modules.add(cfgInjector.getInstance(GerritGlobalModule.class));
|
||||
modules.add(new SmtpEmailSender.Module());
|
||||
modules.add(new SignedTokenEmailTokenVerifier.Module());
|
||||
modules.add(new PushReplication.Module());
|
||||
modules.add(new CanonicalWebUrlModule() {
|
||||
@Override
|
||||
|
||||
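Review bot: The verifier binding added with `modules.add(new SignedTokenEmailTokenVerifier.Module());` is wired in only in this `WebAppInitializer` module list as far as this page shows, and the line carries no hint that email registration depends on it. If any other launcher in the project assembles its own module list, it presumably needs the same module, so that token verification cannot end up unbound or bound to a different implementation there. A short comment above the line, such as `// Binds the verifier for signed email registration tokens.`, would make the dependency visible to whoever next edits this list. The enclosing method begins and ends outside the hunk, so the rest of the list could not be checked.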