Fixes

• Headless: When using email verification by code, you could incorrectly encounter a 409 when attempting to add a new email address while logged in.
• Headless: In contrast to the headed version, it was possible to remove the last 3rd party account from a user that has no usable password. Fixed.
• Headless: The setting ACCOUNT_LOGIN_ON_EMAIL_CONFIRMATION was not respected, and always assumed to be True.