Added Yard configuration and documentation for
`Clearance::Configuration`. Moving forward, we will be adding
documentation to the rest of Clearance.

I took a pass through the README file and edited for brevity,
organization, and correctness. I eliminated the various lists of
overrideable methods as these were out of date and not particularly
helpful in themselves. We already point the users to the overridable
classes. Over time I'd like to move the overriding and extending
documentation into the yarddoc itself or into a website that has recipes
for various behaviors people often request. For now, I've slimmed some
of it down but left most of it.

I also removed reference to the `deny_access` matcher as it will soon be
removed (to another gem) and I don't suggest its use.

This line has existed since 2008, and yet I can determine no
justification for it. It seems to me that we *would* want CSRF
protection on `session#create`.

On its own, skipping CSRF protection in just this single action doesn't
seem particularly useful to an attacker. Additional vectors (such as an
overly-permissive CORS header) would have to be present to make use of
this, but at that point far more interesting attacks would be possible
on any cookie-based auth system.

* Follow olivierlacan/keep-a-changelog format.
* Each release is linkable via header.
* Each change is categorized.
* Provide links to GitHub compares for each release.
* Corrected some spelling.
* Removed changes that were dev-only.

As a result:
* In the ActionMailer initializer for the test app, we have to refer to the
ActionMailer object itself to configure it instead of the app config. This was
recommended in rspec/rspec-rails#1313.
* We had to change the setup for rack_session_spec because RSpec now checks for
mutation of arguments passed into spies.

Adding `clearance/rspec` to `spec/spec_helper.rb` in RSpec versions
greater or equal to 3 will throw an `uninitialized constant
Module::ActiveSupport` error, since the Rails env is not available.

This updates the README in order to indicate the require statement
should be placed in `spec/rails_helper.rb`.

Change references to deprecated `set_the_flash` matcher.

There were a couple of methods from the Clearance::Authentication that
were leaking through to become routable action methods on the
controller. We need to hide them as actions.