Swap Twilio SMS with Twilio Verify

[costowell]

What

• Uses Twilio verify instead of just the plain SMS
  • Notably, Twilio knows all the SMS codes, not us
  • When a verification code is submitted, all Twilio needs is the corresponding phone number

Why

• Due to law changes as of 2023, we need to apply for a "campaign" (more like campain amiright) to send arbitrary SMS messages
  • We keep getting rejected lol
• Twilio verify doesn't need any of that!

Test Plan

1. Happy path
   • Submit username
   • Get code
   • Submit code
   • Change password
   • It works!
2. Less happy path
   • Submit username
   • Get code
   • Submit WRONG CODE
   • It kicks me back to the username submission screen
     • Notably, the recovery sessions is still valid and possibly an avenue to be botted since its not behind a captcha
3. Even less happy path
   • Submit username with no phone number
   • "We weren't able to find any information attached to your account which could be used to automatically recover it."
4. Depressed path
   • Submitted non-existent username
   • "Uh oh, either that account doesn't exist or we don't have a way to verify your identity."
   • Isn't this kind of stupid to be like "oooOOoooOoooO we don't know if it exists or not" when the other message is clearly different when it does exist lol

Env Vars

No more TWILIO_NUMBER

Checklist

• Tested all changes locally