
Add basic checks for bot activity on form #48

Merged (2 commits), Jul 5, 2022

Conversation

ccali11 (Contributor) commented Jun 24, 2022

@shanejearley Here are the methods I've employed to deter bot sign-ups:

  • Standard email validation using regex - needs to end in @something.something, for example
  • Hidden <input> "bot trap" - some bots will fill out this input, notifying us it is spam, while real users will never see it
  • "Time analysis" - rejects the email if submitted less than 3 seconds from landing on the web page
  • Email Address Length - if shorter than 5 characters or longer than 100 characters, we reject the email

Check out this article that I drew inspiration from and let me know if you think we should employ any of the other techniques. The other ones I'd consider are:

  • Adding a ReCaptcha - although when I started down that path it looked like it was for GCP projects only; could be wrong about that. Will investigate further if you think this is worth the slight drawback to user experience. I think there are other "open source" options that we could potentially use as well.
  • Double Opt-In - may be more trouble than it is worth, but open to doing this

The ones I didn't understand, which could be helpful to hear your interpretation of:

  • 6. Hide Target Requests
  • 10. Beware of Cross-Site Request Forgery (CSRF)

Submitting PR now (copying and pasting this comment from my comment in the issue #33 thread for your convenience)
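As an added example (not the project's index.vue code, and not the commenter's), the four checks listed in the comment above written as one pure JavaScript function plus a hook that wires it to a form. Every name in it (`validateSignup`, `installSignupGuard`, the trap field name `website`, the constants and reason strings) is an assumption made for the example:

```javascript
// Added example (not the project's index.vue code): the four sign-up checks
// from the PR comment as a pure function, plus a hook that wires them to a form.
// All names here (validateSignup, installSignupGuard, the "website" trap field,
// the constants and reason strings) are assumptions made for the example.

const MIN_SUBMIT_MS = 3000; // "time analysis": reject if submitted < 3 s after landing
const MIN_EMAIL_LEN = 5;    // email length bounds from the comment
const MAX_EMAIL_LEN = 100;
// Deliberately simple shape check, as the comment describes: local@domain.tld
const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;

// Returns { ok: true, email } or { ok: false, reason }. Order only affects
// which reason is reported when several checks would fail.
function validateSignup({ email, honeypot, pageLoadedAt, submittedAt }) {
  // 1. Hidden "bot trap" input: a human never sees it, so any content means a bot.
  if (typeof honeypot === "string" && honeypot.trim() !== "") {
    return { ok: false, reason: "honeypot_filled" };
  }
  // 2. Time analysis: a human needs a few seconds to land, read and type.
  if (submittedAt - pageLoadedAt < MIN_SUBMIT_MS) {
    return { ok: false, reason: "submitted_too_fast" };
  }
  const trimmed = (typeof email === "string" ? email : "").trim();
  // 3. Length bounds (5..100 characters inclusive).
  if (trimmed.length < MIN_EMAIL_LEN || trimmed.length > MAX_EMAIL_LEN) {
    return { ok: false, reason: "bad_length" };
  }
  // 4. Regex: must look like something@something.something.
  if (!EMAIL_RE.test(trimmed)) {
    return { ok: false, reason: "bad_format" };
  }
  return { ok: true, email: trimmed };
}

// Browser wiring. `now` is injectable so the hook can be exercised without a real clock.
// Expects <input name="email"> and a visually hidden <input name="website"> (the trap).
function installSignupGuard(form, now = () => Date.now()) {
  const loadedAt = now(); // time of landing on the page; call this on page load
  form.addEventListener("submit", (event) => {
    const data = new FormData(form);
    const result = validateSignup({
      email: data.get("email"),
      honeypot: data.get("website"),
      pageLoadedAt: loadedAt,
      submittedAt: now(),
    });
    if (!result.ok) {
      // Drop the submission without revealing which check fired.
      event.preventDefault();
    }
  });
}
```

Two practical notes on the checks themselves: the trap field should be an ordinary text input hidden with CSS (plus `autocomplete="off"` and `tabindex="-1"`), because `type="hidden"` fields are routinely skipped by form-fillers; and since all four checks run in the browser, a bot can POST to the sign-up endpoint directly, so the same rules belong on the server as well, where the landing timestamp can be carried in a server-issued token rather than trusted from the client.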

shanejearley (Contributor) commented

> @shanejearley Here are the methods I've employed to deter bot sign-ups:
>
>   • Standard email validation using regex - needs to end in @something.something, for example
>   • Hidden <input> "bot trap" - some bots will fill out this input notifying us it is spam while real users will never see it
>   • "Time analysis" - rejects the email if submitted less than 3 seconds from landing on the web page
>   • Email Address Length - if shorter than 5 characters or longer than 100 characters, we reject the email
>
> Check out this article that I drew inspiration from and let me know if you think we should employ any of the other techniques. The other ones I'd consider are:

@ccali11 could you share the link? ^ Sounds good.

>   • Adding a ReCaptcha - although when I started down that path it looked like it was for GCP projects only; could be wrong about that. Will investigate further if you think this is worth the slight drawback to user experience. I think there are other "open source" options that we could potentially use as well.
>   • Double Opt-In - may be more trouble than it is worth, but open to doing this
>
> The ones I didn't understand, which could be helpful to hear your interpretation of:
>
>   • 6. Hide Target Requests
>   • 10. Beware of Cross-Site Request Forgery (CSRF)
>
> Submitting PR now (copying and pasting this comment from my comment made in issue #33 thread for your convenience)

ccali11 (Contributor, Author) commented Jul 5, 2022

@shanejearley - I updated my initial PR comment with the article about ways to deter bots that I referenced but forgot to share the link for: #48 (comment)

ccali11 merged commit 45e8b37 into develop Jul 5, 2022
ccali11 deleted the feature/bot-checking branch July 5, 2022 14:43