
Add extra (security) Roundtrip before resetPassword is available

Open quasarchimaere opened this issue 5 years ago • 0 comments

Before making it possible to reset the password we need to add an extra roundtrip, this should be done as follows:

  1. Click "reset password": the server sends an email with a generated token to the email address provided in the login form. If no email is provided in the login form, show an error message that indicates that the email address is still missing.
  2. If that worked, display a message that tells the user to look in the inbox for the reset link.
  3. The reset email (template needs to be created) contains a link (text only/no HTML mails!) that opens the forgotPassword page and contains 2 parameters (email address and verificationToken); these two parameters should be automatically put into the corresponding fields (verificationToken is probably going to be a hidden input field of some sort).
  4. Clicking on "reset password" on that page will do an additional check that verifies the verificationToken, and displays a proper error message if the verificationToken has expired or is invalid.

Hints:

  • Look at the verificationToken implementation in the owner-webapp as a guideline for how to create these tokens.

quasarchimaere, Apr 30 '19 15:04
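The four-step flow described in the issue, as an added Python example that is not code from webofneeds or its owner-webapp: the token is generated server-side, only its hash is stored with an expiry, the plain-text link carries `email` and `verificationToken`, and verification distinguishes an invalid token from an expired one. The base URL, the one-hour lifetime and the in-memory store are assumptions.

```python
import hashlib
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

TOKEN_TTL_SECONDS = 3600  # assumption: reset links expire after one hour


class PasswordResetService:
    """Issues and verifies password-reset tokens (added example, not project code)."""

    def __init__(self, now=time.time):
        self._now = now
        self._pending = {}  # email -> (sha256(token), expiry timestamp)

    def request_reset(self, email, base_url="https://example.invalid/forgotPassword"):
        """Step 1: generate a token and return the plain-text reset link for the email."""
        if not email:
            raise ValueError("email address is still missing")
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        # Store only a hash: a leaked table row must not yield a usable token.
        self._pending[email] = (self._hash(token), self._now() + TOKEN_TTL_SECONDS)
        return base_url + "?" + urlencode({"email": email, "verificationToken": token})

    def verify(self, email, token):
        """Step 4: check the token; returns 'ok', 'invalid' or 'expired'."""
        entry = self._pending.get(email)
        if entry is None:
            return "invalid"
        digest, expires_at = entry
        # Constant-time comparison so timing does not leak how many characters matched.
        if not hmac.compare_digest(digest, self._hash(token)):
            return "invalid"
        del self._pending[email]  # single use, whether expired or accepted
        if self._now() > expires_at:
            return "expired"
        return "ok"

    @staticmethod
    def _hash(token):
        return hashlib.sha256(token.encode()).hexdigest()


def parse_reset_link(link):
    """Step 3: pull the two parameters out of the link so the page can prefill them."""
    qs = parse_qs(urlparse(link).query)
    return qs["email"][0], qs["verificationToken"][0]
```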