* When we notice a delivery to a user during recipient verification,
take a note of the user's name in the `user' field of the
address_data.
* In the `rcpt_spam' ACL, pick the user name out of the address_data
and remember it and the corresponding recipient address (in a rather
unpleasantly escaped form) along with the others in the variable
`$acl_m_spam_users'.
* Finally, in `data_spam', if we end up rejecting the message, log a
message with the condensed SpamAssassin report, and the user names
and matching recipient addresses.

This leaves, in the rejectlog, enough information for a service to tell
which rejection reports apply to a calling user, and tell them about the
message. We should be able to pick the sender address and the headers
from the usual rejection report, but we don't want to leak the other
envelope recipient addresses. (The user would have seen the /header/
recipients had we not rejected the message as being spam; but the
envelope may contain Bcc recipients or other interesting secrets.)
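
A sketch of the per-user filtering a service could apply to such rejection records, added here as an example and not taken from the commit. The record layout, the percent-escaping of addresses, and the names `parse_users` and `reports_for` are assumptions; all sample data is constructed.

```python
from urllib.parse import unquote

# Constructed sample records, as a service might hold them after reading the
# rejectlog. Layout and percent-escaping are assumptions for illustration.
SAMPLE_RECORDS = [
    {
        "sender": "offers@bulk.example",
        "headers": "To: alice@example.org\nSubject: Win big",
        "report": "score=12.3 tests=BAYES_99,URIBL_BLACK",
        "users": "alice=alice%40example.org alice=al%2Blists%40example.org "
                 "bob=bob-private%40example.org",
    },
    {
        "sender": "promo@bulk.example",
        "headers": "To: bob@example.org\nSubject: Cheap pills",
        "report": "score=9.1 tests=BAYES_95",
        "users": "bob=bob%40example.org",
    },
]


def parse_users(field):
    """Map each user name to the recipient addresses logged for it."""
    users = {}
    for pair in field.split():
        user, sep, addr = pair.partition("=")
        if not sep or not user or not addr:
            continue  # malformed pair: skip it rather than guess
        users.setdefault(unquote(user), []).append(unquote(addr))
    return users


def reports_for(caller, records):
    """Rejection reports the calling user may see, with only their own
    envelope recipients attached."""
    visible = []
    for rec in records:
        mine = parse_users(rec["users"]).get(caller)
        if not mine:
            continue  # this rejection did not involve the caller
        visible.append({
            "sender": rec["sender"],
            "headers": rec["headers"],
            "report": rec["report"],
            "recipients": mine,  # other users' addresses are dropped
        })
    return visible
```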