SECURITY: Destroy `EmailToken` when `EmailChangeRequest` is destroyed (PR #13950)

GitHub