Refactor login/logout into sessions controller

Certain controller methods are shared with oauth-based logins, and these have been
moved to a concern.

test/integration/user_changeset_comments_test.rb

@@ -30,7 +30,7 @@ class UserChangesetCommentsTest < ActionDispatch::IntegrationTest
     follow_redirect!
     # We should now be at the login page
     assert_response :success
-    assert_template "users/login"
+    assert_template "sessions/new"
     # We can now login
     post "/login", :params => { "username" => user.email, "password" => "test" }
     assert_response :redirect