In order to help keep accounts safe, this change adds e-mail
notifications when something creates a new API token or updates/deleted
an existing one. This way, if something malicious somehow creates a
token on their behalf, or tricks them into creating a token, they'll be
notified so they can do something about it.

The create/update e-mails contain enough information to identify the
token without exposing the full token (in order to prevent someone with
e-mail access from reading the token ID). The delete e-mail contains the
full token, which is no longer in use at this point, so any
scripts/services using it can be identified.

Unit tests pass.
Tested creating a token, updating it, and deleting it. Received e-mails

for each operation, and verified the HTML and text contents.