Only send "Trusted Publisher ... can be made more secure" emails once per publisher #17793

Open
@di

Description

Currently we send a notification email every time a Trusted Publisher is used within an environment for a publisher that is not constrained to an environment:

```python
# Send a warning email to the owners of the project using the Trusted Publisher if
# the TP has no environment configured but the OIDC claims contain one.
# The email contains a link to change the TP so that it only accepts the
# environment seen in the current OIDC claims.
#
# Note: currently we only send the email if the Trusted Publisher is used in only
# a single project, since multiple projects using the same TP might mean they don't
# use a single environment.
if len(publisher.projects) == 1 and should_send_environment_warning_email(
    publisher, claims
):
    send_environment_ignored_in_trusted_publisher_email(
        request,
        set(publisher.projects[0].owners),
        project_name=publisher.projects[0].name,
        publisher=publisher,
        environment_name=claims["environment"],
    )
```

This is somewhat spammy for users who choose not to do this intentionally, with no ability to disable the notifications.

We should only send this email once per publisher. This could be done by adding an additional column on the publisher that indicates whether a warning has been sent or not.
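The following is an added example, not warehouse's own code: it models the current every-upload behaviour next to the once-per-publisher behaviour proposed above, using dataclass stand-ins for the publisher and project and a `Mailer` stub that records what would have been sent. The column name `environment_warning_sent`, the `Mailer` class, `warn_every_time`, `warn_once` and `simulate_uploads` are all hypothetical names chosen for this illustration; the sample claims are constructed.

```python
from dataclasses import dataclass, field
from typing import Callable, Optional


@dataclass
class Project:
    name: str
    owners: set


@dataclass
class Publisher:
    # Environment the Trusted Publisher is constrained to; None means the
    # publisher accepts uploads from any environment (or from none at all).
    environment: Optional[str]
    projects: list = field(default_factory=list)
    # Hypothetical new column proposed in the issue: set once the
    # "can be made more secure" email has gone out for this publisher.
    environment_warning_sent: bool = False


@dataclass
class Mailer:
    """Stand-in for the real email sender; records what would have been sent."""

    sent: list = field(default_factory=list)

    def send_environment_ignored_in_trusted_publisher_email(
        self, recipients, *, project_name, publisher, environment_name
    ):
        self.sent.append(
            {
                "to": sorted(recipients),
                "project": project_name,
                "environment": environment_name,
            }
        )


def should_send_environment_warning_email(publisher: Publisher, claims: dict) -> bool:
    # The publisher accepts any environment, yet the OIDC token says the
    # workflow ran inside a named one: pinning that environment would
    # tighten the publisher, so the owners should be told.
    return publisher.environment is None and bool(claims.get("environment"))


def warn_every_time(publisher: Publisher, claims: dict, mailer: Mailer) -> bool:
    """Current behaviour described in the issue: email on every matching upload."""
    if len(publisher.projects) == 1 and should_send_environment_warning_email(
        publisher, claims
    ):
        project = publisher.projects[0]
        mailer.send_environment_ignored_in_trusted_publisher_email(
            set(project.owners),
            project_name=project.name,
            publisher=publisher,
            environment_name=claims["environment"],
        )
        return True
    return False


def warn_once(publisher: Publisher, claims: dict, mailer: Mailer) -> bool:
    """Proposed behaviour: same conditions, but at most once per publisher."""
    if publisher.environment_warning_sent:
        return False
    sent = warn_every_time(publisher, claims, mailer)
    if sent:
        # Persist the flag; in a real deployment this would be a column on
        # the publisher row, committed together with the upload.
        publisher.environment_warning_sent = True
    return sent


def simulate_uploads(warn: Callable, uploads: int, claims: dict) -> int:
    """Run `uploads` publishes with the same claims; return the number of emails."""
    publisher = Publisher(
        environment=None,
        projects=[Project(name="example-pkg", owners={"alice", "bob"})],
    )
    mailer = Mailer()
    for _ in range(uploads):
        warn(publisher, claims, mailer)
    return len(mailer.sent)


if __name__ == "__main__":
    # Constructed sample claims, shaped like the `environment` claim an OIDC
    # token carries when the CI job runs in a named environment.
    claims = {"environment": "release"}
    print("current behaviour, 3 uploads:", simulate_uploads(warn_every_time, 3, claims))
    print("proposed behaviour, 3 uploads:", simulate_uploads(warn_once, 3, claims))
```

The flag is checked before the existing conditions so a publisher that has already been warned never evaluates the claims again; in a database-backed implementation the check and the update of the flag should happen in the same transaction as the upload, otherwise two concurrent uploads can both see the flag unset and both send the email.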
