Make "false positive" detection opt-in / privacy-friendly

[mxstbr]

Some good ideas by @ThisIsMissEm: https://twitter.com/ThisIsMissEm/status/1435610947402539011

You could perhaps change it to be pull & compare, so comparison is done on the users' machine
Another option would be to use a comparison method like that which HIBP'd uses: hash the url, then send the first N bits of the hash to the server, returning any hashes & URLs that start with those bits; client then looks in that list to see if the URL was present

Should definitely incorporate some mechanism like this in the next release, at least an opt-in toggle would be good as a first MVP.