Add AWS Cognito authentication

[bgins]

Please add authentication using the AWS Cognito service. This should include:

• A client side implementation with register, confirm, and sign in pages that call from the elm application to AWS Amplify in JavaScript
• A server side implementation that sets up a Cognito UserPool for AWS Amplify to call. This should be set up using AWS CDK (or possibly CloudFormation if CDK is not an option).
• Some glue to configure the AWS Amplify with the UserPool and AppClient created by CDK

The sign up process for a new user should be:

• User fills in a sign up form with username, email, and password
• Cognito sends the user an email with a confirmation code
• User is directed to a confirmation page where they enter the code
• Cognito verifies the code and confirms the user
• User is directed to a login page where they enter username (or email) and password
• Cognito returns the user a set of tokens that are stored in localstorage

A user should have the option to request the confirmation code be sent again in case they do not receive it.

The user should stay logged in until they log out, and they should be automatically logged in on any other tabs that they have open.

When a user logs out, all tokens should be removed from localstorage and they should be logged out of all tabs.

Two other authentication flows should be considered.

A user forgets their password:

• User selects "Forgot Password" link from the sign in page
• User is directed to a request reset page where they enter their username (or email)
• Cognito sends the user a confirmation code
• User is directed to a reset password page where they enter username (or email), confirmation code, and a new password
• Cognito updates the user's password
• User is directed to the login page where they can sign in with the new password

A user wishes to change their password from a profile page:

• User is directed to a change password page
• User enters old password and new password
• Cognito updates the user's password
• User is directed back to the profile page

A decision should be made as to whether a user signs in with their username or email. There are some advantages of using an email. The forgot password page may be friendlier if users only need to guess what email they used. In addition, using email as the primary identifier guarantees its uniqueness with Cognito.

[bgins]

Work on this issue was started in 9bff9fe5231ee41dc58e9b2f903f61346b5788fa and 11fe03f8ec3f6f62504b6cdc42309f04f341e293. This should cover the initial sign up and login flows on the client side.

[bgins]

A couple of details to update on this issue:

1. A user changes account details from a Settings page. (We can reserve the Profile page for publicly displayed information.)
2. A user can update their email and password.

The second item implies that username is the primary form of identification for a user (not email). As a result, username cannot be changed.

[bgins]

A few more relevant commits that missed the issue citation: 8ad366d849bb87692b13932890748caed848747b, 3f36bd56ebdcc523c45f22fa4aa48a8307027a31, and 2e4458f61b6a8876848ca80be8b1dceacdd964b6.