If an already authenticated user visits /accounts/login/,
Healthchecks will now redirect them to their dashboard
instead of showing the login form.

This fixes a security issue:
- attacker can crafts a redirect URL to an external site
- attacker gets victim to click on it
- victim logs in
- after login, Healthchecks redirects victim to the external site

The _allow_redirect function now additionally
requires the redirect URL is relative (has no scheme or domain).

If user has both WebAuthn and TOTP configured,
when logging in, they will be asked to choose between
"Use security keys" and "Use authenticator app".
The "Use authenticator app" is a link to a different
page (/accounts/login/two_factor/totp/). This commit makes
sure the ?next= query parameter is preserved when navigating
to that page.

For reference, the ?next= query parameter is the URL we should
redirect to after a successful login. Use case:
User is logged out. They click on a bookmarked "Check Details"
link. They get redirected to the login form. After
entering username & password and completing 2FA,
they get redirected to the "Check Details" page they
originally wanted to visit.

Fixes: #548

This has dual purpose:

* if user has both WebAuthn and TOTP set up, they can choose
  between the two as equal options.
* we initiate WebAuthn flow only after an explicit user action
  (button press). This may help with authentication failures
  on recent MacOS, iOS and iPadOS versions [1]

[1] https://support.yubico.com/hc/en-us/articles/360022004600-No-reaction-when-using-WebAuthn-on-macOS-iOS-and-iPadOS

For example, if we need to use a custom From: address,
we can now do:

    m = make_message("template-name", recipient, ctx)
    m.from_email = "...."  # customize here
    send(m)

- add optional `from_email` argument
- add test cases that exercise the retry loop

Fixes: #354

Fixes: #323

Fixes: #539

It is obsoleted by Profile.reports

This is to help troubleshoot 2FA issues without
running manual SQL queries.

PagerDuty Connect is deprecated and will be discontinued.
It is replaced by PagerDuty Simple Install Flow (see
README for setup instructions).

This is in preparation of adding an option for weekly
reports (#407)

Fixes: #512

When an account has a password, replace "Set Password"
button's label with "Change Password"

Cannot use functools.cached_property, as it was added in Py 3.8,
but we support 3.6+

Primary sort key: projects with overall_status=down go first
Secondary sort key: project's name