
Security Enhancement: clear all user requests after usage

@weaverryan weaverryan released this 18 Apr 00:42

Hi friends!

This release contains one change to harden security:

  • ensure all requests are removed for user - #105 thanks to @kbond

While not normally possible (unless you change the throttle timeout), a user may have multiple active "password reset requests" in storage. After one of them is used to change the password, all "password reset requests" for that user are now removed. This is safer than allowing the other reset requests to remain valid until they expire.

Cheers!