allow setting envelope from in mail()
PHPMailer sets the envelope from via additional_params. Lets whitelist a parameter that consists solely of `-email@example.com`. This is using a slightly restricted subset of characters that are valid in emails. But doing something more precise there seems like overkill.