* add user onboarding workflow
* fix user editing (no edits of passwords of regular users after
onboarding)
* refresh HIBP breach cache in DB on app start-up
* display HIBP breach details
* fix request scheduling to prevent panics (this still needs some love..)
* fix middleware auth
* add TODOs
* update head.tmpl
* reword some error messages
* also automatically use hibp api key with direnv and in CI
* check for rate-limit
* don't interpret rate-limit in tests as a failure
* report errors properly
* change hibp schema's date field to string, as the date format would
prevent direct unmarshaling. instead, marshal to string, convert later
* the scheduler is in place in order not to get throttled after going
over API limit
* the scheduler detects when in testing mode and changes little bits of
behaviour
* add tests for some basic requests
* run the requests scheduler as a background service during testing
