Update a bunch of middleware, pages and libs to destructure i18n funcs if used more than once to not repeat res.locals
ref #396 (going to try and remember this from now on)
- Don't allow code re-use, successfully used codes will be invalid on repeated use for the window time
- Don't attach the full twofactor secret to user object in session for security. Only store a boolean if it's enabled for rendering, checks, etc. The full account should be fetched first before doTwoFactor()
- Better names for some keys of twofactor redis stuff
bugfix already appealed bans showing as "appealable"
minor ban form/ban mixin tweaks
no more sketchy way of "clearing" the form and resubmitting to show bans page. nice!