* Restructure controller and res.users logic to prevent RPC authentication for
users with MFA enabled and add support for multiple simultaneous MFA sessions
* Switch trusted device cookies from using the DB secret to user-level secret
keys, thereby increasing security
* Remove MFA login tokens and trusted device model, which are now redundant
* Add migration logic that generates a trusted device cookie key for every user
with MFA enabled and cleans up device model ir records to prevent warnings
* Update unit tests and remainder of module accordingly
* Add relevant fields and methods to the res.users model
* Overload check_credentials in res.users to allow for logins using an MFA
login token rather than a password
* Add the res.users.authenticator and res.users.device models, along with
appropriate ACLs and record rules
* Add the res.users.authenticator.create wizard model and an associated view
to facilitate creation of res.users.authenticator records
* Extend base.view_users_form_simple_modif with fields needed to manage the
new functionality
* Add an AuthTotp controller that inherits from Home in the web module and an
associated view to introduce MFA logic to the login process
* Add several new exception classes that inherit from AccessDenied
* [ADD] res_users_password_security: New module
* Create new module to lock down user passwords
* [REF] res_users_password_security: PR Review fixes
* Also add beta pass history rule
* [ADD] res_users_password_security: Pass history and min time
* Add pass history memory and threshold
* Add minimum time for pass resets through web reset
* Begin controller tests
* Fix copyright, wrong year for new file
* Add tests for password_security_home
* Left to do web_auth_reset_password
* Fix minimum reset threshold and finish tests
* Bug fixes per review
* [REF] password_security: PR review improvements
* Change tech name to password_security
* Use new except format
* Limit 1 & new api
* Cascade deletion for pass history
* [REF] password_security: Fix travis + style
* Fix travis errors
* self to cls
* Better variable names in tests
* [FIX] password_security: Fix travis errors