Allowing users with unconfirmed/unverified email addresses to
authenticate to an external service using GitLab OAuth is not
secure. This change enforces that a user must have a confirmed
primary email address to proceed with OAuth.