Not every user should be allowed to login the CMS

Note: "Not every user should be allowed to login the CMS", this means that although the user can login (s)he still is not authorized to do anything. So the user gets more or less an empty screen.

a) Not every user should be allowed to login the CMS as a general rule, a definitive requirement in some (future) use-cases
b) Users without appropriate permissions to login should be denied to login
c) Solve CMS7-4467 with b)
d) Unless c) causes some unexpected caveats or time consuming work, include it in 7.5, otherwise postpone to 7.6.

Imo this is a trivial/edge-case issue anyway concerning incorrect configured user accounts (assuming they are supposed to be able to login and change their password). A trivial procedural explanation/instruction would do just as well in that case.

Make the privilege whether a user is allowed to login to the CMS configurable. The default could/should be 'hippo:author'.

See the email thread "[HippoRepos-dev] [23842] hippo-ecm: CMS7-4467: allow all users to access their own user node"