http: GET /setup landing page with expiry handling

web/templates/pages/setup.html

@@ -0,0 +1,44 @@
+{{define "title"}}{{.Title}}{{end}}
+
+{{define "content"}}
+{{$page := .Page}}
+<div class="max-w-[520px] mx-auto px-8 pt-20 pb-14">
+  {{if eq $page.Error "expired"}}
+    <h1 class="text-[22px] font-medium tracking-[-0.005em]">Link expired</h1>
+    <p class="text-pretty text-[13px] text-ink-mute mt-3 leading-[1.6]">
+      This setup link has expired or is invalid. Setup links are valid
+      for one hour from the moment your administrator generates them.
+    </p>
+    <p class="text-[12.5px] text-ink-mute mt-3 leading-[1.6]">
+      Contact your administrator and ask them to regenerate the link.
+    </p>
+  {{else}}
+    <h1 class="text-[22px] font-medium tracking-[-0.005em]">
+      Welcome, <span class="mono">{{$page.Username}}</span>
+    </h1>
+    <p class="text-pretty text-[13px] text-ink-mute mt-3 leading-[1.6]">
+      Pick a password to finish setting up your account. The link expires
+      one hour after your administrator generated it, so don't dawdle.
+    </p>
+    <form method="post" action="/setup" class="mt-7 space-y-4">
+      <input type="hidden" name="token" value="{{$page.Token}}" />
+      <div>
+        <label class="field-label" for="pw">New password</label>
+        <input id="pw" name="password" type="password" class="field"
+               required minlength="12" autocomplete="new-password" />
+      </div>
+      <div>
+        <label class="field-label" for="pw2">Confirm password</label>
+        <input id="pw2" name="password_confirm" type="password" class="field"
+               required minlength="12" autocomplete="new-password" />
+      </div>
+      <button type="submit" class="btn btn-primary btn-block btn-lg">
+        Set password and sign in
+      </button>
+    </form>
+    {{if and $page.Error (ne $page.Error "expired")}}
+      <p class="text-bad text-[12.5px] mt-4">{{$page.Error}}</p>
+    {{end}}
+  {{end}}
+</div>
+{{end}}