Add basic support for a "Must Encrypt" mail flag which prevents unsecured content transmission

Summary:
Ref T13053. See PHI291. For particularly sensitive objects (like security issues), installs may reasonably wish to prevent details from being sent in plaintext over email.

This adds a "Must Encrypt" mail behavior, which discards mail content and all identifying details, replacing it with a link to the /mail/ application. Users can follow the link to view the message over HTTPS.

The flag discards body content, attachments, and headers which imply things about the content of the object. It retains threading headers and headers which may uniquely identify the object as long as they don't disclose anyting about the content.

The bin/mail list-outbound command now flags these messages with a # mark.

The bin/mail show-outbound command now shows sent/suppressed headers and the body content as delivered (if it differs from the original body content).

The /mail/ web UI now shows a tag for messages marked with this flag.

For now, there is no way to actually set this flag on mail.

Test Plan:

• Forced this flag on, made comments and took actions to send mail.
• Reviewed mail with bin/mail and /mail/ in the web UI, saw all content information omitted.

Reviewers: amckinley

Reviewed By: amckinley

Maniphest Tasks: T13053

Differential Revision: https://secure.phabricator.com/D18983