Nice to have:
    * task cleaning up expired email verification tokens and users
    * split task runner out of the web app
    * logging backtraces for bug reports
    * edit role functionality
    * update swagger API documentation docstrings (tedious)
    * server jwt signing secret in the config (simple)
    * sphinx docs
    * nginx basic configuration
    * docker setup
    * actual content negotiation allowing POST requests to receive JSON

Tech-debt:
    * clean up duplication between add_user/update_user/validate_new_user_data
    * make view.user.can_access_user_data more generic and reusable
    * templating error pages
    * doctests demonstrating API usage
    * make a top-level exception class and derive all exceptions from it
    * factor configuration out so it can live outside the tree
    * profile create_schema/remove_schema vs "for table: DELETE from table" for
      test runner
    * create factories for use in tests to allow easier and more trustworthy
      creation of common sample data (eg. "create_admin_user",
      "create_unverified_user"...)
    * generalize success responses

Bugs:

    * One token issued by authenticate failed to validate:
      curl --header 'Accept: application/json' --header 'Authorization: bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJuYW1lIjoiXHUwNDE0XHUwNDMwXHUwNDNkXHUwNDM4XHUwNDNiXHUwNDNlIFx1MDQyOFx1MDQzNVx1MDQzM1x1MDQzMFx1MDQzZCIsImVtYWlsIjoiZGFuaWxvQGxvY2FsaG9zdCIsInJvbGVzIjpbXX0.NaKAjp0D1Q2PYfhHZKFceGSf62p5bLpm0044S2O_dx9HNwMI1_CqoGr41Ci-ZMkJeXDHJwPApj0C3W7-mUjuSA' -X POST http://127.0.0.1:5000/confirm-token

      token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJuYW1lIjoiXHUwNDE0XHUwNDMwXHUwNDNkXHUwNDM4XHUwNDNiXHUwNDNlIFx1MDQyOFx1MDQzNVx1MDQzM1x1MDQzMFx1MDQzZCIsImVtYWlsIjoiZGFuaWxvQGxvY2FsaG9zdCIsInJvbGVzIjpbXX0.NaKAjp0D1Q2PYfhHZKFceGSf62p5bLpm0044S2O_dx9HNwMI1_CqoGr41Ci-ZMkJeXDHJwPApj0C3W7-mUjuSA"
      server_secret = b"0I8\x00\xfa\xf4\xee\x8c\x01\x1f64(\xf2\x88\x9e\x022\x86\x1a:'\xb4\xf2\xd50\xd3\x068xR\xf2\x96\t\xf5O99\x8d\xbd\xdb\x905\x9d\xfe\xa7V[\xb7\xbe\x95\xae8\x1d\xc9Q\xeba\xc2=)\x1c\x7f>"
