allow local alias email addresses as recovery addresses
If a recovery address points to a locally hosted domain, we verify whether this address actually exists. Due to the initial consideration of sending recovery keys only to trusted mail environments, we only allowed local boxes.
Given we relaxed this in general, we should now also allow alias, so we still check for valid mail addresses, but also allow aliases.