Here is my attempt to prevent user enumeration.
I've made the following changes:
**Application:**
- replaces success and failure messages in the form with two (with/without redis) information messages
- adds logging for attempted password resets of unknown users
- adds logging for failing emails
**Tests:**
- test_unknown asserts a redirect instead of a ok
- adds test_email_reset_twice_redis to assert the correct logging of a twice reset email
- adds a FakeRedis class similiar to the one implemented in test_metrics.py. I could refactor them into the testutils folder if prefered.
Please excuse the commit mess. I am currently fighting with my tooling.
