SECURITY: Password reset is exploitable
As the reset token is a UUID, an attacker could flood the reset database with a substantial number of UUIDs, and subsequently increase the chance of being able to reset a password.
The chance is n out of 53 sextillion, with n being the number of entries inserted into the reset database.
Solution: Limit the number of outstanding password resets to one by deleting all other tokens for that email when issuing a new reset token.
Edited by Sebastian Goodrick
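
A minimal sketch of the proposed fix, added here as an illustration and not taken from the project's code: issuing a token deletes every earlier token for the same email inside one transaction, so repeated requests cannot grow the set of valid tokens. The `password_resets` table, its columns and all function names are assumptions, and the sketch also normalises the email and consumes the token on use, which goes slightly beyond what the issue states.

```python
import sqlite3
import uuid

# Hypothetical schema: table and column names are assumptions, not the project's.
SCHEMA = """
CREATE TABLE password_resets (
    email      TEXT NOT NULL,
    token      TEXT NOT NULL UNIQUE,
    created_at TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP
)
"""


def open_db():
    """Return an in-memory database with the sample schema (for the demo)."""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    return db


def issue_reset_token(db, email):
    """Issue a reset token and invalidate all earlier tokens for this email."""
    key = email.strip().lower()  # case variants of one address share one slot
    token = str(uuid.uuid4())
    with db:  # delete and insert commit together, or neither does
        db.execute("DELETE FROM password_resets WHERE email = ?", (key,))
        db.execute(
            "INSERT INTO password_resets (email, token) VALUES (?, ?)",
            (key, token),
        )
    return token


def outstanding_tokens(db, email):
    """Number of currently valid reset tokens for this email."""
    key = email.strip().lower()
    row = db.execute(
        "SELECT COUNT(*) FROM password_resets WHERE email = ?", (key,)
    ).fetchone()
    return row[0]


def redeem_reset_token(db, token):
    """Return the email for a valid token and consume it; None if unknown."""
    with db:
        row = db.execute(
            "SELECT email FROM password_resets WHERE token = ?", (token,)
        ).fetchone()
        if row is None:
            return None
        db.execute("DELETE FROM password_resets WHERE token = ?", (token,))
    return row[0]
```
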