Auth: better handling of user status

[gi0baro]

As originally pointed out by @GiantCrocodile on https://github.com/gi0baro/weppy/commit/e11f6637b9e8b50347f6c07760629b7d4e9429e3#commitcomment-14870341, would be nice to have a better handling of user status (registration_key property of Auth users) in particular:

• pending for not activated users when the Auth module is configured with verification
• disabled for conditions where users were blocked (bruteforce, unknown IP range, asked deactivation by user, etc.)
• blocked intentionally blocked/banned users

Now, pending users needs to activate their accounts in order to perform actions, disabled users need to reset their password in order to activate account again, and blocked can't perform any interaction at all.

Instead of a generic function as proposed here https://github.com/gi0baro/weppy/issues/72#issuecomment-163029482, I would prefer explicit helper methods in Auth module and/or users' rows (virtual methods) to handle all the situations, like:

auth.disable_user(user)  # or id
auth.block_user(user)  # or id
auth.allow_user(user)  # or id
user.disable()
user.block()
user.allow()

[GiantCrocodile]

I'm curious why the status is called registration_key. It isn't really registration depending. I think this should be renamed when we work out a better handling of this.

[gi0baro]

@GiantCrocodile is called registration_key because with email validation will be set to a unique token that will be used to send the link for activation to the user. pending status is used only with admin validation. I think the name will remain untouched :)