Always filter for certified members unless the user specifically
searches for non-certified or "all users".
Admin searches for banned/disabled also search all users.
* Inner circle: users have the ability to remove themselves and can avoid being
invited again in the future.
* Admin actions: add a "Reset Password" ability to user accounts.
* Admin "Create New User" page.
* Rate limit error handling improvements for the login page.
* Add an Admin Certification Photo workflow where we can request the user to
upload a secondary form of ID (government issued photo ID showing their
face and date of birth).
* An admin rejection option can request secondary photo ID.
* It sends a distinct e-mail to the user apart from the regular rejection email
* It flags their cert photo as "Secondary Needed" forever: even if the user
removes their cert photo and starts from scratch, it will immediately request
secondary ID when uploading a new primary photo.
* Secondary photos are deleted from the server on both Approve and Reject by
the admin account, for user privacy.
* If approved, a Secondary Approved=true boolean is stored in the database. This
boolean is set to False if the user deletes their cert photo in the future.
* Add a transparency page where regular user accounts can list the roles and
permissions that an admin user has access to. It is available by clicking on
the "Admin" badge on that user's profile page.
* Add additional admin scopes to lock down more functionality:
* User feedback and reports
* Change logs
* User notes and admin notes
* Add friendly descriptions to what all the scopes mean in practice.
* Don't show admin notification badges to admins who aren't allowed to act on
those notifications.
* Update the admin dashboard page and documentation for admins.
