Security fix, ability to delete user account and more

Today's update (94c74a7) brings with it the following changes:

Security issues

It was possible to change a user's password without their consent by sending specially crafted HTML which would be activated automatically using a CSRF/XSS attack when the user reads the message.
- This vulnerability was fixed by asking for the user's existing password before setting a new password or changing their email address.
- Users with access to the impersonate feature (special support staff) are allowed to change another user's email address without needing to enter the user's password.

The list_quota request handler now only shows the first 1000 users ordered by used storage size. This should ensure it never times out.

It is now possible to delete your user account. Only global administrators are allowed to delete accounts other than their own. If an account that owns course content (or other content outside their home folder) is deleted, that content is transferred to the orphan user. All remaining objects and containers, object quiz assignments, scores and account activity are deleted. It is not possible to login as this orphan user.
Added privacy policy link to standard footer template. When logged in, the link is moved to the top help menu. The link is only shown if the configuration variable privacy_policy contains an object identifer.

When an ePortal push message with the remove user action is received, the user is now permanently removed in Portfolio. If the user is a global administrator or has institutions associated with it the user is not deleted, only institution and course relationships are removed.
All links in the standard footer now uses HTTPS and have been updated. The HTML markup has also been improved.

Fixed some CSS bugs in the standard stylesheet. Should have no user impact.
Added a wrapper class for the template plugin CGI. Only the param() method is implemented, allowing for template code to easily use query string parameters.
When users register themselves using the selfreg request handler, the group they're registered into is now properly logged.

The course progress limit feature was never used. It has now been removed.
The event log action account_delete was removed. It didn't contain any usable metadata. All event log entries with this action have been removed.
The event log column container_id was never used. It has now been removed.
The object attributes cost and copyright wasn't used anywhere. They have now been removed.