* Add a rate limiter to the login page.
* Fix the CSRF cookie expiring after 24 hours; it now will be a session
cookie that expires on browser exit so you get a fresh one each visit.
* Remove the dependency on go-bindata and use native Go file embed.
* Add documentation.