Right now we log sysop email changes in badpass (from a hook in wmf-config)
We should log this in core to the authentication channel and we should do it for all users
For example, in the event of compromise and attacker changes email, we want to know the old email so we can return account to original users, as well as the new email in the logs for ease of grepping