Fix password-changing issue and other bugs

Today's update (b33e7c9) brings with it the following changes:

Security issues

An issue preventing users without impersonate permission (almost everyone) from changing their own password was fixed.

When trying to render a thumbnail for an unsupported file format or broken file, the web worker process generating that image would exit early because of a PIPE signal, potentially triggering overload on that web worker node. It could also happen when transcoding wave audio files to MP3. These error conditions should no longer cause unexpected web worker process exits.
A lot of database refactoring has been done, some of it improving performance in certain situations.

Improved language in messages related to password reset and user account deletion procedures.
The amount of inactive users deleted is now increased from 5% to 40% each time the job is run. This should ensure inactive users are deleted faster.
Improved automatic test coverage, giving better protection against regressions.
Refactored a lot of request handlers to use newer coding style. This should allow us to remove unused, old code eventually.

In the My students report the dropdown group filter and the filter textbox wasn't always synchronized. Now, whenever one of them is used, the other is reset to avoid confusion. Only one of them can be used at the time. In addition, if you use the back browser button to navigate back to the page, the previous settings are put back. This information is stored in a cookie for 30 minutes.
Fixed an issue in report_score template function, where passing an empty string where a UUID is needed would trigger an error.
Fixed an issue in list_account_registrations request handler, where users with an unknown created timestamp wouldn't show up in reports. This should now be fixed.
In the avatar template function, if it was called without a size value, a warning was emitted. This is now fixed.
Avoid warning being emitted if object without created or updated timestamp is rendered.