fix: Gracefully handle attempts to confirm subscriptions with an expired token

When a user attempts to confirm their request to subscribe to the Tor Newsletter, they use a one-time token generated at time of request and passed along as a URL parameter appended to /confirm-subscription. (This is emailed to them by CiviCRM.)

Previously, if that token was more than an hour old, donate-neo would attempt to retrieve it, fail to locate it, fail to handle this failure gracefully, and throw a KeyError. This is bad behavior two ways; it fails to generate useful logging for admins, and it fails to generate helpful feedback for users.

This MR addresses this issue in the following ways:

• After retrieving the results of the Redis GETDEL operation, we first test the results to ensure they aren't just None, which is what GETDEL returns if it doesn't find anything. If it's None after all, then we gracefully handle the error, both by accounting for it in the code flow, and also by returning the user to the subscription form with a clear and detailed error, displayed in the same format as is used on the donation form.
• We now additionally handle the previously-unhandled case where GETDEL retrieves something using the provided token, but the data retrieved is not valid JSON. (Previously, we were just tossing it at json.loads() and being optimistic.)
• The subscription form template has been modified in line with the changes mentioned above - the error message's style and location has been updated to match the spec of the other forms and their errors.

Fixes #122 (closed).