11 fix delete account flow

[chriscarrollsmith]

The User model has a deleted column that we set to True if the user has deleted their account. So we need to make sure that in our auth endpoints and helper functions, we don't return deleted users (or allow deleted users to perform account actions). This approach is more complicated than actually deleting the user, but it has the following advantages:

• Allows easier recovery of deleted data
• Allows auditing of database history
• Allows us to preserve rather than cascade-delete records with user_id as a required foreign key

However, here's the part I don't love:

• If the user deletes their account data, they expect it to actually be deleted
• If an attacker compromises deleted account data, users who thought they deleted that data are going to be mad
• We could always just make user_id optional for any records we want to retain after user deletion

So, it's possible this is the wrong approach.

[chriscarrollsmith]

Changed my mind and went with a flow where we actually delete the user record.

• Reverted my previous changes
• Removed deleted attributes from all database models
• Performed an actual delete in the delete_user endpoint
• Cascaded the delete to dependent RolePermissionLink and PasswordResetToken errors

Additionally, in this PR:

• Added Pydantic request models for a couple endpoints in user.py
• Added tests for the user.py endpoints as well as a couple in main.py
• Replaced the client fixture in the test suite with two separate fixtures, and authed_client and an unauthed_client
• Changed get_authenticated_user in utils/auth.py so it uses a 303 rather than 307 HTTPException (because 303 changes POST requests to GET, whereas 307 redirects the original POST request to a different endpoint, which is not what we want for unauthorized POSTS)

[chriscarrollsmith]

@AkanshuS, want to try your hand at code review? Good skill to know when applying for jobs!