The user status is a bit complex, since there are various states and
not all transitions between them make sense.
Using AASM means that we can name and restrict the transitions, which
hopefully makes them easier to reason about.
Since flash objects can only be String, Hash or Array (notably excluding SafeBuffers), then this approach is necessary to render complex html in a safe manner.
Each local can be treated as an (unsafe) string, and therefore escaped normally when rendered into the template. The template (and translation strings) can
contain html since they are no longer stored in the flash as a plain string.
Fixes#3215
