Email notifications, better spam protection and improved documentation

Today's update (39c09ac) brings with it the follow changes:

Security issues

Improved our HTML form spam protection mechanism. You'll now need to check a box to confirm you're a human when you want to recover your password or register an account.

You'll now be notified by email if you have unread messages in your inbox. You can choose to get these notifications immediately when a new message arrives, or once per day or week. You can also turn them off if you don't want them. The default is to get weekly notifications. You'll need to go to your user profile page to change this setting. Only the user itself can change this setting.

It is now possible to preload videos by using the preload attribute in the embed template function. It is actually enough to just preload metadata to ensure the video object is cached properly by the backend. This is most likely only needed for somewhat large videos.
Syndication feeds (RSS) are now handled by an external component instead of using XSLT. This should ensure we encode content much more standards-compliant. We also now support all RSS variants and Atom. The default feed format has changed from RSS 2.0 to Atom. If you have used feeds from Portfolio somewhere else you'll need to update the link to the new format.
Additional reference documentation for template handlers have been added from our internal wiki. Especially the quiz and embed template functions have gotten much better documentation, including examples. Clarification on recommended and deprecated ways of calling them are now documented.
All of the XML returned by the HTTP API is now generated in a more consistent way. This should not impact anyone.
We're now using an automated method for gathering code coverage, which will help the developers to improve the quality of the service over time.
The access key feature has been modified extensively in the backend. This means it has a higher risk of regressions. Be aware.

The XSLT feature was completely removed. That also means that the server_xsl query parameter to read_container request handler was removed.
The PORTFOLIO.do_decoding() JavaScript function was removed. It was not in use.