* add user onboarding workflow
* fix user editing (no edits of passwords of regular users after
onboarding)
* refresh HIBP breach cache in DB on app start-up
* display HIBP breach details
* fix request scheduling to prevent panics (this still needs some love..)
* fix middleware auth
* add TODOs
* update head.tmpl
* reword some error messages
have the app create the initial admin user:
* if the db has not yet been set up
* if there are not users
* if the config value for Init.CreateAdmin is True
* if the admin password is not empty
default username, email values can be seen in modules/user/const.go
