Before this, if a request was not coming from an existing user (no token
in the request or no user with the given token), then and only then
would we send the access captcha. This meant that if a user left a chat
message and became absent, they wouldn't be prompted to do the access
captcha again until their message was eventuallly rotated. (While
messages exist we don't delete the users who posted them.)
This commit makes it so if user['verified'] is None, the user is kicked
and prompted with the access captcha. This is automatically done for
absent users by a background task.