codeforamerica / cityvoice

A place-based call-in system for gathering and sharing community feedback
MIT License

Admin model with Devise authentication #130

Closed invisiblefunnel closed 10 years ago

invisiblefunnel commented 10 years ago

These changes set up the application to allow app-wide settings (and other privileged resources) to be managed through the web UI by admin users.

I've used the Devise registerable module to allow admins to change their email and password, but deny access to the new and create actions so admin records must be created via console or seeds. Admins can visit /admins/sign_in to log in. Navigation links to edit an account and sign out are shown in the navbar if admin_signed_in?. Require admin privileges for a controller or action with before_action :authenticate_admin!.

A note: recent Devise versions require a secret key to be set, which is used to generate random tokens. I don't think this key should be committed to the repository, so it needs to be set through the DEVISE_SECRET_KEY environment variable except in development and test environments. See related discussion.

Feedback appreciated!

EDIT: These changes require CSRF protection. See #128.
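
The secret-key handling described in the comment above, as an added example (not code from this pull request or from cityvoice): a fail-closed resolver for `DEVISE_SECRET_KEY` that only falls back to a fixed key in development and test. `resolve_devise_secret_key`, `MissingSecretKey`, `MIN_KEY_LENGTH` and the fallback value are hypothetical names and constructed values.

```ruby
# Added example; only the DEVISE_SECRET_KEY variable name comes from the
# pull request. All other names and values here are assumptions.

MIN_KEY_LENGTH = 64 # assumption: 32 random bytes, hex-encoded
LOCAL_ENVS = %w[development test].freeze
# Constructed fallback, acceptable only where no real admin sessions exist.
LOCAL_FALLBACK_KEY = ("0" * MIN_KEY_LENGTH).freeze

class MissingSecretKey < StandardError; end

# Returns the key Devise should use for the given Rails environment name.
# env_vars is injected (normally ENV) so the behaviour can be tested.
def resolve_devise_secret_key(rails_env, env_vars)
  local = LOCAL_ENVS.include?(rails_env.to_s)
  key = env_vars["DEVISE_SECRET_KEY"].to_s.strip

  if key.empty?
    # Development and test may run without the variable set.
    return LOCAL_FALLBACK_KEY if local
    # Everywhere else, refuse to boot rather than sign tokens with a
    # key that is known from the repository.
    raise MissingSecretKey, "DEVISE_SECRET_KEY must be set in #{rails_env}"
  end

  unless local
    if key.length < MIN_KEY_LENGTH
      raise MissingSecretKey,
            "DEVISE_SECRET_KEY is shorter than #{MIN_KEY_LENGTH} characters"
    end
    if key == LOCAL_FALLBACK_KEY
      raise MissingSecretKey, "DEVISE_SECRET_KEY is the local fallback value"
    end
  end

  key
end

# Wiring in config/initializers/devise.rb would look like:
#   Devise.setup do |config|
#     config.secret_key = resolve_devise_secret_key(Rails.env, ENV)
#   end
```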

ohrite commented 10 years ago

Hey Danny! We've decided to go with static CSVs in the data/ directory as our current approach to configuration. @waltz and I are closing this for now, but we'll reopen it if we change direction. Thanks!