fix: email-sendhook - bug in email change verification (#2044)

This change sets EmailData.Token to the new OTP when the secure email
change setting is set to true.

This should fix:
#1744
#2042

Note:
I am fixing this bug in a way that is consistent with what I view to be
the current bug. I believe for email changes token_new and
token_hash_new should always contain the values for the users new_email
field. This should be fixed in the future in a way that doesn't break
BC.

---------

Co-authored-by: Chris Stockton <chris.stockton@supabase.io>

Author: 2 people