Disable email notifications for confidential bugs
I had opened #23 (closed) weeks ago for expressing my concern that confidential bugs may leak information as email notifications are sent in the clear. That issue got closed by adding respective warnings to the gitlab help, which is great.
However, as we see with tpo/applications/tor-browser#40075 this is not enough. We need to take a more proactive stance before we can use this important feature widely. At a minimum (which is the content of this issue) we should disable email notifications automatically for confidential bugs, so that reporters don't shoot themselves in the foot and accidentally harm our users.