Clarify that sign in after registration + require verified address for login do not work well together

[aeneasr]

Discussed in #418

^{Originally posted by stephentuso March 28, 2025}
This seems like it could be the wrong behavior - when "sign in after registration" and "require verified address for login" are enabled, the session becomes active before verification is completed during the registration flow.

e.g. after registration, the verification form appears. At this point I wouldn't expect the session to be active, but navigating back to the app without completing the verification results in a valid session. The sign in flow does work as expected and the session isn't started until after verification.

Of course I can handle blocking access without verification on the application side, but it would be nice if that could be completely handled by Ory