998 Passwordless login

[vimark1]

fixes #998

• This is mostly based on the password reset token
• The token lasts 5 minutes
• If an account is not found, the user sees a vague message "If the email address you entered exists, you will receive a magic link shortly.". This is to prevent the app from disclosing wether an email exists or not. See https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html#authentication-and-error-messages
• It will verify the user's email on their first successful login
• The magic login link respects the returnTo session data. So it will return to the requested page after login
• Contents of the email is printed to console in development mode for ease of use and testing

[vimark1]

Sorry to ping @YasharF but I spent a lot of time on these contributions and they haven't been reviewed. Happy to help with reviews if I be added as a member of this project. Thank you

[YasharF]

The implementation isn't quite what I was envisioning, hence I need to put some thought into it. At the same time I have a high priority GPT project that I am working on, so it is going to take some time for me to get thru this.

[vimark1]

Any updates on this @YasharF ?

[vimark1]

Keen to get this merged through @YasharF - what are the changes I am required to make?