#39 Password reminder

[John Churin]

This task is to add a password hint mechanism.
1. Add a passwordHint attribute to the TolvenUser entity.
2. During registration, the password hint can be entered.
It is not to be encrypted.
3. In the EditUserPreferences form, allow the password hint to be changed.
4. In javascript, provide a hide/show toggle for this field, default is hide. For the user to change (or just see) the hint requires that the "show" the field.
5. Add an option to the login form which links to a new "forgotPassword" page (in the /public folder).
6. This new page requires a CAPTCHA image to verify that this is a human.
7. The user must enter their user id but the user will not receive any direct feedback that id they entered is valid or not.
8. If the user was in fact a valid user ID, then an email containing the hint will be sent to the user's last-recorded email address.
9. A link in both the email and on the forgot password page should direct the user back to the Tolven login page.

Note: Due to Tolven's "no exceptions" rule for document encryption, it is not possible for the system to simply assign a new password to a user (the old password is needed to change passwords and the system does not have the password).