There are two ways to register an account to a mail server:
server invitation token
organisation invitation token
It's not possible to register on a server that you don't have permission from with a server token. However, it's possible to register on EACH server as long as you have an organisation token. This means we can register wherever we want with just a (random) organisation token.
In order to mitigate this, we can actually authorize the request by somehow tying the organisation token to the server. This would result in things like having the organisation token signed by the mail server, but this makes the number of steps to actually register a bit too many.
Instead, we could for now have a sort of "whitelist" on the server. Inside the config, or in redis, we can add a list of organisations which we want to register for. If we register an account with an org-token, we not only check if the org-token is valid, but also check if the org is whitelisted on this server. If not, we cannot register.
This is for now a sort of fallback until we can come up with something better (maybe OOB between server and organisation?).
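The registration check described above, as an added example (not the project's own code). It assumes a hypothetical token format `<kind>:<subject>:<hex HMAC-SHA256>` with `kind` being `server` or `org`, that the server holds the keys needed to validate both token kinds, and that the org whitelist is a map loaded from config or redis; the names `ServerConfig`, `Authorize` and `mintToken` are invented for the illustration. The point it demonstrates is the failure mode from the issue: a perfectly valid org token for an organisation this server does not serve is rejected only because of the whitelist step.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// Sentinel errors returned by Authorize so callers can tell the two
// rejection reasons apart.
var (
	ErrInvalidToken  = errors.New("invalid invitation token")
	ErrOrgNotAllowed = errors.New("organisation is not whitelisted on this server")
)

// ServerConfig holds what the registration endpoint needs. AllowedOrgs is
// the whitelist proposed in the issue (assumed loaded from config or redis).
type ServerConfig struct {
	ServerKey   []byte            // key that validates server invitation tokens
	OrgKeys     map[string][]byte // per-organisation keys that validate org tokens (assumption)
	AllowedOrgs map[string]bool   // organisations this server accepts registrations for
}

// sign returns the hex HMAC-SHA256 of payload under key. This stands in for
// whatever token validation the real server does; the whitelist is the point.
func sign(key []byte, payload string) string {
	h := hmac.New(sha256.New, key)
	h.Write([]byte(payload))
	return hex.EncodeToString(h.Sum(nil))
}

// mintToken builds a hypothetical token "<kind>:<subject>:<mac>".
func mintToken(key []byte, kind, subject string) string {
	payload := kind + ":" + subject
	return payload + ":" + sign(key, payload)
}

func validMAC(key []byte, payload, sig string) bool {
	return hmac.Equal([]byte(sig), []byte(sign(key, payload)))
}

// Authorize decides whether a registration carrying tok may proceed here.
func (c *ServerConfig) Authorize(tok string) error {
	parts := strings.SplitN(tok, ":", 3)
	if len(parts) != 3 {
		return ErrInvalidToken
	}
	kind, subject, sig := parts[0], parts[1], parts[2]
	payload := kind + ":" + subject

	switch kind {
	case "server":
		// A server token is tied to this server by construction: only this
		// server's key produces a valid MAC over it.
		if !validMAC(c.ServerKey, payload, sig) {
			return ErrInvalidToken
		}
		return nil
	case "org":
		// Step 1 (what was already checked): is the org token valid?
		key, ok := c.OrgKeys[subject]
		if !ok || !validMAC(key, payload, sig) {
			return ErrInvalidToken
		}
		// Step 2 (the mitigation): is this organisation whitelisted on this
		// server? Without it, any valid org token registers on any server.
		if !c.AllowedOrgs[subject] {
			return ErrOrgNotAllowed
		}
		return nil
	default:
		return ErrInvalidToken
	}
}

func main() {
	// Constructed sample configuration: this server serves "acme" only.
	cfg := &ServerConfig{
		ServerKey:   []byte("constructed-server-key"),
		OrgKeys:     map[string][]byte{"acme": []byte("constructed-acme-key"), "other": []byte("constructed-other-key")},
		AllowedOrgs: map[string]bool{"acme": true},
	}
	for _, tok := range []string{
		mintToken(cfg.ServerKey, "server", "alice"),
		mintToken(cfg.OrgKeys["acme"], "org", "acme"),
		mintToken(cfg.OrgKeys["other"], "org", "other"), // valid token, org not whitelisted
		"not:a:token",
	} {
		fmt.Printf("%-40.40s -> %v\n", tok, cfg.Authorize(tok))
	}
}
```

Because `kind` is part of the signed payload, an org key cannot be used to forge a server token, and the whitelist lookup happens only after the MAC has been verified, so an attacker cannot probe which organisations are whitelisted with unsigned tokens.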
We can achieve this whitelisting by actually not registering organisation addresses at all. Instead, we "symlink" organisation addresses to regular addresses.