Previously, once a client was authenticated to the system with an email
link, the user could utilize other email links to other tickets; however,
the same ticket page would be presented to the user regardless of which link
was utilized.

This patch allows the ticket in focus for the user to be changed after
visiting the client portal with a different ticket link.

DISABLE_SESSION define is changed so that existing session are continued
but new sessions are not saved. This allows external auth backends to
redirect to an external site and that site redirect back to a `/api` URL and
the user's session will be continued.

Support searching both staff and user backends via a common interface.

Regardless of the configuration of the help desk registration, allow users
to receive ticket links via email. This patch enables the display and
operation of the ticket access link unless a user login is requested by the
user or specifically required by the system.

This adds a feature for remote authentication methods for clients, such as
LDAP, which will, after successful authentication, yield a
ClientCreateRequest rather than an AuthenticatedUser. The
ClientCreateRequest represents a successful authentication and user
information lookup for a remote client. The client is then presented with a
registration page where their information for their account in the local
system can be reviewed prior to the account creation. Once created, the
client account is confirmed without an email confirmation and is logged in
immediately without reentering a password.

This make writing new backends (such as LDAP) easier and less copy+pasting
is required.

This is the mode of the system if account registration is disabled

Turns out that the new authentication system incorrectly cancels the reset
tokens when it processes logins rather than after the user successfully
resets his/her password

Separate authentication strike (excessive login attempts) count from timeout
enforcement.

Log every other third failed login attempt as a warning, instead of every
other request. This is necessary to avoid false warning since login page
attempts SSO via the backend.

Ticket owner as well as collaborators can request access link by entering
email and ticket number.

This allows SSO backends to ingore authenticate method

SSO was originally used for a SSO plugin. The backend has since been
refactored to support other authentication backends.