Support email validation passphrase in authentication UI

[natevw]

In order to complete the work of storacha/w3up#399 a new "email validation phrase" will need to be bubbled up…

• from the @web3-storage/access-api
• to the @web3-storage/access client
• through @w3ui/keyring-core
• into each framework's KeyringProvider/Authenticator
• made available to the end-user on the requesting side of validation

Such that the user sees something like this as they go to validate an email address:

This will allow users to cross-check (on the approving side of email validation) that the delegation request(s) that the Access API is sending to their inbox actually came from them and not someone else trying to gain access, without making them compare DIDs or parse UCAN tokens.

[natevw]

The corresponding work on the w3protocol side is about ready for review. The upshot here will be that all three versions of the KeyringProvider should now provide a phrase handler callback when they create the space, changing roughly from:

await agent.registerSpace(email, { signal: controller.signal })

and adding the additional callback option perhaps something like:

await agent.registerSpace(email, {
  signal: controller.signal,
  handlePhrase: (words: string) => { /* new state! */ setValidationPhrase(words) }
})

That example ^^^ assumes a new const [validationPhrase, setValidationPhrase] = useState<NoncePhrase>() but maybe that's not the right solution, basically whatever it takes in the body of the handlePhrase callback to collect the string and get it on its way out into the UI.

[natevw]

Tagging @travis @olizilla @alanshaw if anyone wants to grab this or at least start planning for it. The PR storacha/w3up#399 on the w3protocol side is ready for review and could start getting tested out here on the w3ui side.

(See my comment above for how my proposed changes there would come into play here.)