Add "this wasn't me" functionality to password reset process

[mneudert]

Description:

Extends the password reset process with a "this wasn't me" functionality.

A new link was added to the (reworded) password reset email, allowing a user to invalidate the reset token without changing the user's password.

To support replacing the "reset password process cancelled" view, the event Template.loginCancelResetPasswordContent can be listened to. Writing any content to this event's variable will display that instead of the default content.

To prepare future auditing capabilities, the reset process has received the events for the three potential steps:

• Login.resetPassword.initiated
• Login.resetPassword.cancelled
• Login.resetPassword.confirmed

fixes #14543

Refs DEV-14582

Review

• Functional review done
• Potential edge cases thought about (behavior of the code with strange input, with strange internal state or possible interactions with other Matomo subsystems)
• Usability review done (is anything maybe unclear or think about anything that would cause people to reach out to support)
• Security review done
• Wording review done
• Code review done
• Tests were added if useful/possible
• Reviewed for breaking changes
• Developer changelog updated if needed
• Documentation added if needed
• Existing documentation updated if needed

[sgiehl]

I've added a couple of suggestions for possible improvements. Functional testing worked fine, though.

[sgiehl]

The event could also be posted directly in the template within a {{ set }} or similar. Might be a bit less complex, as you can directly see in the template where the data is coming from. On the other side is the comment here above useful and we couldn't add it similarly in the template. So guess I would keep it that way.

[sgiehl]

One minor thing left. Everything else now looks good to me.