Handle new email login stage with censored address suggestions

We recently patched Swiclops to remove a privacy disclosure vulnerability. Now the email login request token stage does not send the user's full email addresses to the client. Instead the addresses are censored to something like c***t@f**o.org for cvwright@futo.org etc.

On the client, we need to display the addresses from the stage params as suggestions, not as valid choices that can be sent back to the server unchanged. And we must add a text input field so that the human can provide the full un-censored address.