Let's make this behave a bit more like a normal server...
On startup, the server generates a temporary secret.
On /login, the server tries to access the named key; if successful, it adds a cookie, which is some encrypted form of the name and password.
On /sign, we no longer need to use a name/password envelope, just refer to the cookie. This also makes the whole API more standard and /send simpler.
On /logout, we unset the cookie.
All cookies will become invalid as soon as the server restarts, as there is a new secret; maybe one could add more expiration info as well.
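
A sketch of the cookie scheme described above, as an added example that is not this project's code. It assumes Node.js, AES-256-GCM as the encryption, a cookie named `session` and a 15-minute lifetime; all function names are hypothetical.

```javascript
const crypto = require('node:crypto');

// Generated once per process start, so a restart invalidates every cookie.
const SERVER_SECRET = crypto.randomBytes(32);
const DEFAULT_TTL_MS = 15 * 60 * 1000; // assumed lifetime, not from the page

// /login: encrypt name, password and an expiry time into one opaque value.
// Layout (assumed): base64url(iv[12] || tag[16] || ciphertext).
function sealCookie(name, password, now = Date.now(), ttlMs = DEFAULT_TTL_MS, key = SERVER_SECRET) {
  const iv = crypto.randomBytes(12); // fresh nonce for every cookie
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const plaintext = JSON.stringify({ name, password, exp: now + ttlMs });
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64url');
}

// /sign: recover the credentials, or null if the cookie is malformed,
// tampered with, expired, or sealed under a previous process's secret.
function openCookie(value, now = Date.now(), key = SERVER_SECRET) {
  try {
    const raw = Buffer.from(String(value), 'base64url');
    if (raw.length < 12 + 16 + 1) return null;
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
    decipher.setAuthTag(raw.subarray(12, 28));
    // final() throws when the GCM tag does not verify
    const pt = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
    const { name, password, exp } = JSON.parse(pt.toString('utf8'));
    if (typeof exp !== 'number' || now >= exp) return null;
    return { name, password };
  } catch {
    return null;
  }
}

// Set-Cookie header values; the attributes are assumed hardening defaults.
const COOKIE_ATTRS = 'HttpOnly; Secure; SameSite=Strict; Path=/';
function loginCookieHeader(name, password) {
  return `session=${sealCookie(name, password)}; ${COOKIE_ATTRS}; Max-Age=${DEFAULT_TTL_MS / 1000}`;
}
// /logout: overwrite the cookie with an empty, immediately expiring one.
function logoutCookieHeader() {
  return `session=; ${COOKIE_ATTRS}; Max-Age=0`;
}
```

The expiry is checked inside the authenticated plaintext, so a client cannot extend a session by editing the cookie's `Max-Age`.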