Password recovery hint for service subscribers

[luckyrat]

Service changes:

• Create a new DB field to store a hint up to 128 characters long
• Field contents will be encrypted using same PII encryption key as used for customer email address
• Create a new API endpoint to receive a user's request to see their hint
• API will be public but rate-limited
• API endpoint will record user's email address and hint (both encrypted) in a pendingHintEmail DB, along with timestamps and request metadata
• Changes to that DB will trigger a function to send an email to the user
• Email will contain the hint if available, general tips on trying variations of a theme and a link to start the account reset process if all else fails

App UI changes:

• Add a "send me my hint" button or link at the same places as the account reset process can be requested.
• Add an optional field to the account registration page in KV1 (and 2 if Google/Apple ever allow us to register users within the app)
• Add an optional field to the account management page in KV1 (and 2 once that is implemented for changing the password)

Given that this is a lot of work and users can workaround the absence of this feature by recording their hint somewhere else, it's not a high priority task but it would add an additional level of reassurance to the user during the initial account signup.