Invite user API

[jace]

Users may invite other users via Client apps. #59 already discusses new columns and APIs for clients to communicate with Lastuser and for these introductions to be tagged with the client.

However, tracking users may also be apt. This implies:

1. A new user/new resource+action (restricted as per #75) for the ability to create new user accounts
2. Apart from the User.client_id column (from #59), a User.referring_user_id column that links back to the User who made the introduction
3. A Client-provided email template that Lastuser will send out, with a link to confirm the provided email id. Since Lastuser cannot asses the contents of client-provided templates (apart from ensuring the verify link is present), this resource is restricted to trusted clients.

[jace]

When an invited user ignores the email and attempts to register directly on the site:

1. If the user uses the register form directly and provides the same email address, instead of a validation error we tell them they already have an account and ask if they'd like to reset the password (also applies if they are an active user). If the email (and not the account) is associated with a UserExternalId, we suggest it can be used (except UserExternalId does not track the emails it introduced, so this part may not be feasible).
2. If the user uses a social login and the account was in invited state, switch it to active state and take them to the invited profile form to confirm their data (full name, etc).