
accounts: update profile and password hashing

Authored by Lars Holm Nielsen <lars.holm.nielsen@cern.ch> on Apr 10 2015, 16:53.

Description

accounts: update profile and password hashing

  • NEW Adds support for allowing users to update their profile (nickname, email, family name and given name).
  • NEW Adds support for users to re-request a verification email to be sent.
  • NEW Adds new Passlib Flask extension to support configurable password contexts in Invenio. (closes #2874)
  • NOTE Changes user model fields family name/given names to store empty string as default instead of null.
  • NOTE Adds support for users to change email address/nickname. If you store email addresses in e.g. records or fireroles you are responsible for propagating the user's change of email address by adding listeners to the 'profile-updated' signal. Alternatively you can migrate records (using CFG_ACC_GRANT_AUTHOR_RIGHTS_TO_USERIDS_IN_TAGS and CFG_ACC_GRANT_VIEWER_RIGHTS_TO_USERIDS_IN_TAGS) and fireroles (using "allow/deny uid <uid>") to restrict access based on user id instead of user email address.
  • NOTE Refactors password hashing to (a) explicitly specify password salt instead of relying on the email address, since a change of email would cause the password to be invalidated, (b) support multiple password hashing algorithms concurrently, (c) automatically migrate deprecated hashes when users log in, and (d) allow overlays to specify their preferred hashing algorithms.
  • NOTE Deprecates Invenio's legacy hashing algorithm based on AES encryption of the email address using the password as secret key in favor of SHA512 using random salt and 100000 rounds.

Signed-off-by: Lars Holm Nielsen <lars.holm.nielsen@cern.ch>
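The hashing refactor described in the commit message (a self-describing hash with its own random salt, several schemes accepted side by side, and deprecated hashes replaced on a successful login) can be illustrated with the stand-alone sketch below. It is an added example, not Invenio's or Passlib's code: PBKDF2-HMAC-SHA512 with a 16-byte random salt and 100000 rounds stands in for the preferred scheme, and a constructed e-mail-dependent digest stands in for the deprecated scheme (it is not the AES-based scheme the commit retires).

```python
"""Multi-scheme password context with migration of deprecated hashes at login.

Stored hashes are self-describing strings of the form "<scheme>$<params>$<hex>",
so the verifier can pick the right algorithm per user and tell old hashes apart.
"""
import hashlib
import hmac
import os

ROUNDS = 100_000            # rounds for the preferred scheme
PREFERRED = "pbkdf2_sha512"
DEPRECATED = {"legacy"}


def _legacy_hash(password, email):
    # Constructed stand-in for a deprecated scheme: the digest depends on the
    # e-mail address, so changing the e-mail invalidates the password. This is
    # the defect an explicit, stored salt removes.
    digest = hashlib.sha256((email + password).encode()).hexdigest()
    return f"legacy${email}${digest}"


def _pbkdf2_hash(password, salt=b"", rounds=ROUNDS):
    salt = salt or os.urandom(16)   # fresh random salt for every new hash
    dk = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, rounds)
    return f"{PREFERRED}${rounds}${salt.hex()}${dk.hex()}"


def verify(password, stored, email):
    """Check `password` against `stored`, whatever scheme produced it."""
    scheme, _, rest = stored.partition("$")
    if scheme == "legacy":
        return hmac.compare_digest(_legacy_hash(password, email), stored)
    if scheme == PREFERRED:
        rounds, salt_hex, _ = rest.split("$")
        candidate = _pbkdf2_hash(password, bytes.fromhex(salt_hex), int(rounds))
        return hmac.compare_digest(candidate, stored)
    return False                    # unknown scheme: never accept


def needs_update(stored):
    """True for deprecated schemes or a preferred hash with too few rounds."""
    scheme, _, rest = stored.partition("$")
    if scheme == PREFERRED:
        return int(rest.split("$")[0]) < ROUNDS
    return True


def login(password, stored, email):
    """Return (ok, hash_to_store); the plaintext is only available here."""
    if not verify(password, stored, email):
        return False, stored
    return True, (_pbkdf2_hash(password) if needs_update(stored) else stored)
```

Because the rehash happens inside `login`, a deprecated hash is only ever replaced after the user has proven the password; a wrong password leaves the stored value untouched.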

Details

Committed
Lars Holm Nielsen <lars.holm.nielsen@cern.ch>, Apr 14 2015, 09:07
Parents
R3600:90792d4b6d1e: accounts: user settings removal
Branches
Unknown
Tags
Unknown

Event Timeline

Lars Holm Nielsen <lars.holm.nielsen@cern.ch> committed R3600:2d4a028809a8: accounts: update profile and password hashing (authored by Lars Holm Nielsen <lars.holm.nielsen@cern.ch>). Apr 14 2015, 09:07