Open
Description
The application needs a "forgot password" feature which allows users to enter their email address on a dedicated form, and if an account for this email address exists, an email is sent to the address, with a link that is valid for 24 hours and which, if clicked, provides a web UI form where the user can set a new password for the account mapped to the email address.
The implementation needs to ensure that this feature cannot be used to determine if an email address is registered or not; the web UI reaction is always the same, whether the email entered on the "forgot password" form is known in the system or not.
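A sketch of the flow this issue describes, added here as an example and not taken from the project's code: the form handler returns one fixed reply whether or not the address is registered, and the emailed link carries a random token that expires after 24 hours. The in-memory `USERS`, `TOKENS` and `OUTBOX` stores, the `app.example.test` URL, hashing the token at rest and making the link single-use are assumptions that the issue does not specify.

```python
import hashlib
import secrets
from datetime import datetime, timedelta

TOKEN_TTL = timedelta(hours=24)   # link validity stated in the issue
GENERIC_REPLY = "If an account exists for this address, a reset link has been sent."

# Hypothetical in-memory stand-ins for the user table, token table and mailer.
USERS = {"alice@example.test": {"password": "old-hash"}}   # constructed sample data
TOKENS = {}   # sha256(token) -> (email, expires_at)
OUTBOX = []   # (recipient, link) pairs a real mailer would send


def _digest(token: str) -> str:
    # Only the hash is stored, so a leaked token table cannot be replayed as links.
    return hashlib.sha256(token.encode()).hexdigest()


def request_reset(email: str, now: datetime) -> str:
    """Handle the "forgot password" form; the reply never depends on the lookup."""
    email = email.strip().lower()
    if email in USERS:
        token = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG
        TOKENS[_digest(token)] = (email, now + TOKEN_TTL)
        # In a real deployment, queue the mail off the request path so the
        # response time does not differ between known and unknown addresses.
        OUTBOX.append((email, f"https://app.example.test/reset?token={token}"))
    return GENERIC_REPLY


def redeem(token: str, new_password_hash: str, now: datetime) -> bool:
    """Set a new password if the token is known and unexpired (assumed single use)."""
    entry = TOKENS.pop(_digest(token), None)   # pop: a link works at most once
    if entry is None:
        return False
    email, expires_at = entry
    if now > expires_at:
        return False
    USERS[email]["password"] = new_password_hash
    return True
```

The reset form reached through the link should call `redeem` only on submission, so that a mail scanner prefetching the URL does not consume the token.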