mapascoletivos/api

Implement captcha

Closed this issue · 2 comments

Mapas Coletivos suffered a spam attack at the sign up page a while ago, affecting user registration. We need to implement a captcha strategy to restore new user creation. I believe the options available are:

  1. Add own image generator with svg-captcha or another node captcha module.

  2. Add Google ReCaptcha.

It seems that reCaptcha is the least intrusive for the user and more reliable to prevent attacks. There are two public routes exposed to this kind of attack: sign up and reset password. The others are protected by authentication or do not write to the database.

To implement this feature, the affected routes must require a recaptchaToken parameter, containing the token obtained by the web app from the reCaptcha service. Also, these routes must query the reCaptcha verification endpoint and return an error if the token is invalid.

Reference: https://developers.google.com/recaptcha/docs/verify
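The verification flow described above, as an added example that is not code from the mapascoletivos/api repository or from #53: an Express-style middleware that posts the `recaptchaToken` to the siteverify endpoint and rejects the request when the answer is not a success. It assumes Node 18+ (global `fetch`); `RECAPTCHA_SECRET`, `expectedHostname` and the injectable `fetchImpl` are assumptions of this example.

```javascript
// Added example (not the mapascoletivos/api code): verify a reCAPTCHA token before
// a public route writes to the database. Assumes Node 18+ and Express-style req/res/next.
const SITEVERIFY_URL = 'https://www.google.com/recaptcha/api/siteverify';
// Turn a siteverify JSON response into an accept/reject decision.
// Besides `success`, optionally pin the hostname the token was solved on,
// so a token minted for another site's widget is not accepted (added check).
function evaluateVerification(body, expectedHostname) {
  if (!body || body.success !== true) {
    const codes = body && Array.isArray(body['error-codes']) ? body['error-codes'] : ['unknown'];
    return { ok: false, reason: codes };
  }
  if (expectedHostname && body.hostname !== expectedHostname) {
    return { ok: false, reason: ['hostname-mismatch'] };
  }
  return { ok: true, reason: [] };
}
// POST the token to the verification endpoint and evaluate the answer.
// `fetchImpl` is injectable so the logic can be exercised offline.
async function verifyRecaptchaToken(token, { secret, remoteIp, expectedHostname, fetchImpl = fetch }) {
  if (typeof token !== 'string' || token.length === 0) {
    return { ok: false, reason: ['missing-input-response'] };
  }
  const params = new URLSearchParams({ secret, response: token });
  if (remoteIp) params.set('remoteip', remoteIp);
  let body;
  try {
    const res = await fetchImpl(SITEVERIFY_URL, {
      method: 'POST',
      headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
      body: params.toString(),
    });
    body = await res.json();
  } catch {
    // Fail closed: a network error must not let a sign-up through unchecked.
    return { ok: false, reason: ['verification-unavailable'] };
  }
  return evaluateVerification(body, expectedHostname);
}
// Express middleware: reject the request when `recaptchaToken` is missing or invalid.
function requireRecaptcha(options) {
  return async (req, res, next) => {
    const token = req.body ? req.body.recaptchaToken : undefined;
    const result = await verifyRecaptchaToken(token, { remoteIp: req.ip, ...options });
    if (!result.ok) return res.status(400).json({ error: 'invalid recaptcha token', codes: result.reason });
    return next();
  };
}
// Usage: app.post('/users', requireRecaptcha({ secret: process.env.RECAPTCHA_SECRET }), createUser);
```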

Implemented in #53 and reviewed by @bwstefano at the staging environment.