Nextcloud account signup (or later on, Password recovery) should allow for Mastodon account, not requiring an email address

[esbeeb]

For new Nextcloud users, I think that having a Mastodon user account be the "back channel" for verifying a user account is better than email. Mastodon accounts can have a mechanism of verifiability (with special "rel=me" set up on a personal website, which Mastodon verifies, and shows green checkmarks in a Mastodon user's profile); email accounts lack this verification mechanism (using one's personal website as a place for verifiability to be cleverly planted).

I think specifying a Mastodon user account should be a "first class citizen" field (in Nextcloud's User management admin page, as in "/settings/users") for any Nextcloud User, such that it can be used for password recovery messages (or any other similar "back channel" notification messages outside Nextcloud). The "Forgot password" feature should be able to make use of this specified Mastodon account - sending a special recovery message as a Mastodon PM ("Private Mention"). Yes, these PM's aren't encrypted, but neither is email (used as a mechanism of password recovery), so it's no worse, that way.