Added high security requirement to add/delete email addresses

Summary: Fixes T10999. Now MFA will be required for all email address related operations.

Test Plan: Ensure that adding and removing email addresses now requires you to enter high security mode.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley

Maniphest Tasks: T10999

Differential Revision: https://secure.phabricator.com/D16444

src/applications/settings/panel/PhabricatorEmailAddressesSettingsPanel.php

@@ -165,6 +165,11 @@ final class PhabricatorEmailAddressesSettingsPanel
     $user = $this->getUser();
     $viewer = $this->getViewer();
 
+    $token = id(new PhabricatorAuthSessionEngine())->requireHighSecuritySession(
+      $viewer,
+      $request,
+      $this->getPanelURI());
+
     $e_email = true;
     $email   = null;
     $errors  = array();
@@ -276,6 +281,11 @@ final class PhabricatorEmailAddressesSettingsPanel
     $user = $this->getUser();
     $viewer = $this->getViewer();
 
+    $token = id(new PhabricatorAuthSessionEngine())->requireHighSecuritySession(
+      $viewer,
+      $request,
+      $this->getPanelURI());
+
     // NOTE: You can only delete your own email addresses, and you can not
     // delete your primary address.
     $email = id(new PhabricatorUserEmail())->loadOneWhere(