BridgeDB must GPG-sign outgoing mails
To protect users against attacks in which someone forges an e-mail message which appears to be sent by BridgeDB, but which contains malicious bridges intended to target a specific user, BridgeDB must start GPG-signing its outgoing e-mail messages.
BridgeDB must also include the address to which it sent a message in the GPG-signed text, and warn users that they should verify that BridgeDB messages are GPG-signed and that the e-mail address in the signed message matches the e-mail address which the user requested bridges with.