* Add a rate limiter to the login page.
* Fix the CSRF cookie expiring after 24 hours; it now will be a session
cookie that expires on browser exit so you get a fresh one each visit.
* Remove the dependency on go-bindata and use native Go file embed
* Add documentation
* Legacy-importer tool updates the DB primary key serial after migrating
the posts, to be max(posts.id)+1 -- especially important for
PostgreSQL and MySQL (SQLite3 correctly picked the next ID by
default?)
* Add blog archive page and RSS, Atom and JSON feeds for the blog.
URLs are /blog.rss, /blog.atom and /blog.json
* List comments on a post
* Add comments, with preview
* Users can edit their own comments (EditToken)
* Admin can edit all comments
* Delete comments
* Comment counts on main blog index pages