Auth Email Signup

Register a new account with an email and optional password. The password requirement is dependent on how the instance is configured for account authentication with email addresses (password vs magic link.) When the email address has not been registered, this endpoint will send a verification email however it will also return a session cookie to facilitate pre-verification usage of the platform. If the email address already exists, no session cookie will be returned in order to prevent arbitrary account control by a malicious actor. In this case, the email will be sent again with the same OTP for the case where the user has cleared their cookies or switched device but hasn't yet verified due to missing the email or a delivery failure. In this sense, the endpoint can act as a "resend verification email" operation as well as registration. In the first case, a 200 response is provided with the session cookie, in the second case, a 422 response is provided without a session cookie. Given that this is an unauthenticated endpoint that triggers an email to be sent to any public address, it MUST be heavily rate limited.