Add a UI for the account recovery process

In addition, refactor the login engine with a simpler, http.Handler-oriented model, which is easier to follow and to extend.

Recovery works via the auth server, with either permanent or temporary tokens (for validation over email or other secondary channels) which are consumed once created.

Recovering an account resets second-factor authentication credentials.