login: Use AJAX to authenticate, add a shake effect

This changes the staff authentication process to use AJAX to authentication
(with a failsafe of using traditional page requests). If the authentication
fails on the server because of CSRF problems, the page is refreshed in the
browser fetching a new CSRF token. If the authentication fails because of
password issues, the login box shakes and the user can retry. As before, the
`forgot password` link shows up after the first failure. Upon success, a
redirect is issued into the staff control panel.