+ Sending a reset password token is now possible while being logged in
+ Mark required settings fields with a star *

- All apps should use App as global namespace and not something like
  "UCP"

This is the first thing I am moving to a separate microservice app.

WTF how did I forget this??

Currently supported mailinglist providers:
- mailman2

This might probably be outsourced to be a separate micro application.

TODO: Implement all kinds of frontend management stuff, e.g.:
- Removing grants

- Adding new applications
- Removing applications
- Editing applications

- Simple authorization using groups

One model+bindings+controller should use one file. Previously, multiple
of these combinations shared a file which made things more and more
confusing.

Previously there was no escaping so query parameters inside the redirect
url got treated as part of the actually requested url.

LDAP groups are derived from the user's object objectClasses. As there
is always some LDAP-specific noise, one can ignore default objectClasses
via the config file.

Currently there is no use of the groups, but in the future™ they are
going to be used for e.g. user management, oauth2 app management, …

In case the session is lost, the last known username is prefilled in the
login formula. Speeds up logging in again. When the user regularily logs
out, the last known username cookie is cleared to leave no trace.

If a protected resource is now accessed without a valid session, the
user is pointed to the login screen and afterwards redirected back to
the protected resource.

TODO
* Add per-field error handling
* Add "I need help"-link
* Add delete account option (how?)

+ Globally add the .User pipeline to the template data ctx

You can now request a password token (which is stored in the database)
with which the password can be (re-)setted within the webinterface. This
is not really LDAP-aware, but seriously more secure than sending out a
new password via mail.

TODO implement actually sending the token URL via mail. Currently it is
     just printed out on the cmd …

+ Fix .gitignore to seriously ignore the sqlite3 database

Currently, only sqlite is included. Might change in the future™ as gorm
supports all the databases

+ Refactor the LDAP provider
+ Add GetUser method that returns the user object for an arbitary
  username if there is one

Now it is possible to login with either the uid or email. See an example
query inside app.json.example

Now, routes are only specified at one central place and referenced
everywhere else in the code.

+ Encourage future use of i18n by doing it up from the first code commit
+ Basic template structure including flashes/…
+ Working flash errors

+ Reuse LDAP authenticator from prior experiments
+ Implement authenticator using an interface so we can easily implement
  e.g. a database authenticator later on