enewe101 / digidemo

digital democracy engine

Don't allow users with unconfirmed emails to sign in #49

Closed enewe101 closed 9 years ago

enewe101 commented 9 years ago

Right now, when a new user signs up, an email is sent out to the email that they provided with a special link, which, when clicked, proves that they really have access to the email account they gave. Initially the UserProfile entry for that user has email_validated == False, and clicking it sets it to True. But, there's no enforcement if a user with email_validated==False tries to sign in.

Here is what should happen instead. If a user provides valid credentials but has email_validated == False, they should not be logged in using the auth middleware. They should instead be redirected to a page that allows them to resend the confirmation email.

enewe101 commented 9 years ago

If users log in without their email validated, they are forwarded to a page saying they need to validate their email. They can initiate a new email to be sent to do validation.

Any posts, whether ajax or normal synchronous posts, will be rejected by the server if the logged in user doesn't have a validated email.

In all the places where Tooltips are given saying "you must login" for non-logged in users, analogous tooltips are given saying "you must validate your email" for users that are logged in without email validated.

Attempting to view pages that require login, when logged in but with invalid email, causes redirection to the page saying they need to validate their email.

Tests ensure that all login-required posts and views prevent access / processing for users without validated email.
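The enforcement described across the two comments above (refuse to establish a session when `email_validated` is False, redirect page views to the resend page, reject ajax and normal posts server-side, and show a matching tooltip) can be modelled as one sign-in function plus one view decorator. The block below is an added illustration in plain Python, not code from the digidemo project: `UserProfile` and `email_validated` are the names used in the issue, while `Request`, `Response`, `require_validated_email`, the URL paths and the sample users are stand-ins constructed for the example. The point it makes is that the tooltip is a UI hint only; the decorator is the control, and it wraps every login-required handler regardless of how the request arrived.

```python
"""Gate sign-in and every login-required view on email validation.

Added example, not project code. `UserProfile`/`email_validated` come from
the issue; everything else is an assumed stand-in for a Django-style app.
"""
import hmac
from dataclasses import dataclass
from functools import wraps
from typing import Callable, Dict, Optional, Tuple

# Assumed paths; the issue names the pages but not where they live.
LOGIN_URL = "/accounts/login/"
VALIDATE_EMAIL_URL = "/accounts/validate-email/"


@dataclass
class UserProfile:
    username: str
    password: str                   # plaintext only to keep the example short
    email_validated: bool = False   # set True by the confirmation link


@dataclass
class Request:
    method: str                     # "GET" or "POST"
    user: Optional[UserProfile] = None
    is_ajax: bool = False


@dataclass
class Response:
    status: int
    location: Optional[str] = None  # set for 302 redirects
    body: str = ""


def sign_in(store: Dict[str, UserProfile], username: str,
            password: str) -> Tuple[Optional[UserProfile], Response]:
    """Authenticate, but only return a session user when the email is validated."""
    user = store.get(username)
    if user is None or not hmac.compare_digest(user.password, password):
        return None, Response(401, body="invalid credentials")
    if not user.email_validated:
        # Credentials are valid, but no session is established: send the
        # user to the page that lets them resend the confirmation email.
        return None, Response(302, location=VALIDATE_EMAIL_URL)
    return user, Response(200, body="logged in")


def require_validated_email(view: Callable[[Request], Response]) -> Callable[[Request], Response]:
    """Server-side check for every login-required view or post handler."""
    @wraps(view)
    def wrapper(request: Request) -> Response:
        if request.user is None:
            return Response(302, location=LOGIN_URL)
        if not request.user.email_validated:
            if request.method == "POST":
                # Ajax and synchronous posts alike are refused, not redirected.
                return Response(403, body="validate your email before posting")
            return Response(302, location=VALIDATE_EMAIL_URL)
        return view(request)
    return wrapper


def login_tooltip(user: Optional[UserProfile]) -> Optional[str]:
    """UI hint only; the decorator above is the actual control."""
    if user is None:
        return "you must login"
    if not user.email_validated:
        return "you must validate your email"
    return None


@require_validated_email
def create_post(request: Request) -> Response:
    """Sample protected handler standing in for any login-required post."""
    return Response(201, body="created")


def resend_validation_email(request: Request) -> Response:
    """Deliberately NOT wrapped: an unvalidated user must be able to reach this."""
    if request.user is None:
        return Response(302, location=LOGIN_URL)
    return Response(200, body="confirmation email queued")


if __name__ == "__main__":
    # Constructed sample users.
    store = {"alice": UserProfile("alice", "pw", email_validated=True),
             "bob": UserProfile("bob", "pw")}
    print(sign_in(store, "bob", "pw")[1])
    print(create_post(Request("POST", user=store["bob"], is_ajax=True)))
```

Because the check lives in the decorator rather than in the template, adding a new ajax endpoint later cannot accidentally bypass it by omitting a tooltip; the test for "all login-required posts and views" then reduces to asserting every such handler is wrapped.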