[Added, Improved, Fixed] Security hardening hotfix

Added

Suspicious signup review state

Sign-ups that look potentially fake or unsafe are now routed to a “pending approval” state instead of being activated immediately. This extra checkpoint helps keep spam and malicious accounts out of Classet while still allowing genuine users to complete registration after manual review or by correcting their details.

Improvements

  • The signup form now blocks role-based addresses (local parts such as postmaster@ or webmaster@) and suggests corrections for common domain typos like “@iclou.com”.
  • The email domain is checked for a working mail server (a DNS lookup) before an account can be created, reducing bouncebacks and wasted outreach.
  • Candidate first and last names are validated across the apply flow and send-interview actions, preventing special characters or links from slipping into recruiter emails.
  • Incoming SMS messages are accepted only when their Twilio or MessageBird signatures are verified, stopping spoofed texts from reaching recruiters.
  • The send-interview endpoint now has a rate limit to prevent bulk spam submissions and protect system performance.
  • Clear, user-friendly error messages appear whenever an email or name fails the new validation rules.
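The following is an added example, not Classet's code, showing how the signup checks listed above can fit together: a role-address block list, a domain-typo suggestion based on edit distance against common providers, a mail-server lookup, candidate-name validation that rejects line breaks, links and markup, and the user-facing error messages that go with each failure. The lists, regexes, message wording, sample addresses and the `resolve_mx` injection point are assumptions; the MX lookup is stubbed with a constructed table so the block runs offline, and in production it should be a server-side DNS query.

```python
import re
from typing import Callable, List, Optional, Tuple

# Constructed lists for this example; Classet's own lists are not on the page.
ROLE_LOCAL_PARTS = {"postmaster", "webmaster", "hostmaster", "abuse",
                    "admin", "info", "support", "noreply", "no-reply"}
COMMON_DOMAINS = ["gmail.com", "icloud.com", "outlook.com", "hotmail.com", "yahoo.com"]

# Deliberately simple syntax check; the mail-server lookup is the stronger signal.
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,}$")
# Letters in any script, joined by at most two of: space, apostrophe, hyphen, period.
NAME_RE = re.compile(r"^[^\W\d_]+(?:[ '\-.]{1,2}[^\W\d_]+)*$")

MESSAGES = {  # user-facing text per error code (assumed wording)
    "invalid_format": "That doesn't look like an email address.",
    "role_address": "Please sign up with a personal address, not a role address like postmaster@.",
    "no_mail_server": "We couldn't find a mail server for that domain. Check the spelling.",
    "length": "Please enter a name between 1 and 80 characters.",
    "control_chars": "Names can't contain line breaks.",
    "link_or_markup": "Names can't contain links, tags or @ signs.",
    "disallowed_chars": "Please use letters, spaces, apostrophes, hyphens or periods only.",
}


def levenshtein(a: str, b: str) -> int:
    """Edit distance; a one- or two-edit gap to a known provider is a likely typo."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def suggest_domain(domain: str, known: List[str] = COMMON_DOMAINS, max_distance: int = 2) -> Optional[str]:
    """Closest known provider within max_distance edits, or None (also None if domain is known)."""
    if domain in known:
        return None
    best = min(known, key=lambda k: levenshtein(domain, k))
    return best if levenshtein(domain, best) <= max_distance else None


def check_email(address: str, resolve_mx: Callable[[str], List[str]]) -> Tuple[bool, Optional[str], Optional[str]]:
    """Return (ok, error_code, suggested_address).

    resolve_mx is injected: in production it is a server-side DNS MX query (for example
    dnspython's dns.resolver.resolve(domain, "MX")), not something the browser does.
    A suggestion is returned even when the domain resolves, because misspelt provider
    domains are often typo-squatted and do have mail servers.
    """
    address = address.strip().lower()
    if not EMAIL_RE.match(address):
        return False, "invalid_format", None
    local, domain = address.rsplit("@", 1)
    if local in ROLE_LOCAL_PARTS:
        return False, "role_address", None
    suggestion = suggest_domain(domain)
    suggested = f"{local}@{suggestion}" if suggestion else None
    if not resolve_mx(domain):
        return False, "no_mail_server", suggested
    return True, None, suggested


def check_name(name: str) -> Tuple[bool, Optional[str]]:
    """Reject candidate names that could carry header injection, links or markup into recruiter mail."""
    name = name.strip()
    if not 1 <= len(name) <= 80:
        return False, "length"
    if re.search(r"[\x00-\x1f\x7f]", name):   # CR/LF inside a name becomes an extra mail header
        return False, "control_chars"
    if re.search(r"https?://|www\.|[<>@]", name, re.IGNORECASE):
        return False, "link_or_markup"
    if not NAME_RE.match(name):
        return False, "disallowed_chars"
    return True, None


# Constructed stand-in for DNS so the example runs offline; hostnames are placeholders.
FAKE_MX = {"gmail.com": ["mx1.gmail.test"], "icloud.com": ["mx1.icloud.test"],
           "mail.com": ["mx1.mail.test"], "example.com": []}


def fake_resolve_mx(domain: str) -> List[str]:
    return FAKE_MX.get(domain, [])


if __name__ == "__main__":
    for addr in ("jane@iclou.com", "postmaster@gmail.com", "jane@mail.com"):
        ok, code, hint = check_email(addr, fake_resolve_mx)
        print(addr, ok, MESSAGES.get(code, ""), f"did you mean {hint}?" if hint else "")
    for name in ("O'Brien", "Bob\r\nBcc: x@y.test", "see https://evil.test"):
        print(repr(name), check_name(name))
```

The typo suggestion is advisory rather than blocking: `jane@mail.com` is a real provider one edit away from `gmail.com`, so the form should ask "did you mean?" and let the user confirm, while `jane@iclou.com` fails the mail-server lookup and gets the suggestion alongside the error.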

Fixes

  • Closed an injection hole that let attackers place arbitrary text, including phishing lures, into recruiter email subjects via the job-application form.
  • Blocked unauthenticated HTTP requests to the inbound-SMS webhook that could relay spam SMS messages to recruiter phones and inboxes.
  • Fixed rare "Something went wrong" errors on the signup page caused by browser-side DNS checks.
  • Addressed several hidden test failures so future releases can ship without CI interruptions (no change to user experience).
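As an added example (not Classet's or Twilio's code), here is the webhook-side check behind the SMS items above: Twilio's documented request-signing scheme (HMAC-SHA1 over the public request URL plus the sorted POST parameters, Base64-encoded and sent in the `X-Twilio-Signature` header) recomputed on the server and used as a gate in front of any forwarding, so an unsigned or tampered request never reaches a recruiter. The auth token, webhook URL and sample form body are constructed for the example. MessageBird uses a different signing scheme that is not shown here.

```python
import base64
import hashlib
import hmac
from typing import Mapping, Optional, Tuple

# Constructed values for this example; a real auth token lives in a secret store, never in code.
AUTH_TOKEN = "example-auth-token-not-real"
WEBHOOK_URL = "https://classet.example/webhooks/sms"   # assumed public URL Twilio was configured with
SAMPLE_FORM = {                                          # constructed inbound-SMS POST body
    "MessageSid": "SM00000000000000000000000000000000",
    "From": "+15005550006",
    "To": "+15005550001",
    "Body": "Hi, I'm interested in the role",
}


def twilio_signature(auth_token: str, url: str, form: Mapping[str, str]) -> str:
    """Recompute the value Twilio puts in X-Twilio-Signature.

    Documented scheme: the full URL exactly as Twilio requested it (scheme, host, path,
    query string), then each POST parameter appended as key+value with keys sorted,
    HMAC-SHA1 under the account auth token, Base64-encoded. Single-valued parameters
    are assumed here; repeated keys need each value appended in sorted order.
    """
    signed = url + "".join(key + form[key] for key in sorted(form))
    digest = hmac.new(auth_token.encode("utf-8"), signed.encode("utf-8"), hashlib.sha1).digest()
    return base64.b64encode(digest).decode("ascii")


def verify_twilio(auth_token: str, url: str, form: Mapping[str, str], header: Optional[str]) -> bool:
    """True only for a present, matching signature; compared in constant time."""
    if not header:
        return False                      # missing header is a spoof attempt, not a legacy client
    expected = twilio_signature(auth_token, url, form)
    return hmac.compare_digest(expected.encode("ascii"), header.encode("utf-8"))


def handle_inbound_sms(auth_token: str, public_url: str, form: Mapping[str, str],
                       headers: Mapping[str, str]) -> Tuple[bool, str]:
    """Webhook gate: nothing in the body is trusted or forwarded until the signature checks out.

    public_url must be the URL Twilio actually called; behind a proxy or load balancer,
    rebuild it from the forwarded scheme and host rather than the internal request URL,
    otherwise every genuine request fails verification.
    """
    if not verify_twilio(auth_token, public_url, form, headers.get("X-Twilio-Signature")):
        return False, "rejected: missing or invalid X-Twilio-Signature"
    return True, f"forward to recruiter: {form['From']}: {form['Body']}"


if __name__ == "__main__":
    good = {"X-Twilio-Signature": twilio_signature(AUTH_TOKEN, WEBHOOK_URL, SAMPLE_FORM)}
    print(handle_inbound_sms(AUTH_TOKEN, WEBHOOK_URL, SAMPLE_FORM, good))
    print(handle_inbound_sms(AUTH_TOKEN, WEBHOOK_URL, SAMPLE_FORM, {}))            # unsigned
    tampered = dict(SAMPLE_FORM, Body="Click http://evil.test to claim your bonus")
    print(handle_inbound_sms(AUTH_TOKEN, WEBHOOK_URL, tampered, good))              # body swapped
```

The same function serves as a unit test for the fix: a request with the correct signature is accepted, while the same body with no header, a different auth token, or a single changed form field is rejected before any forwarding code runs.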