Auth Cookie Support

[yungcomputerchair]

Currently, an auth cookie login functions very similarly to a regular login, with the only difference being that the user's password is sent unencrypted through the auth ID field of the packet as a C-string instead of being encoded in the password field as Unicode. After extracting the password, the login flow is the same between the two.

This PR implements a proper cookie login flow, using one-shot text cookies for auth:

• Add an Auth table to the database that stores text cookies and their expiration timestamp
  • Cookies are stored in this table out-of-band, by something like an API server
• When a user performs a web login on a cookie-enabled server*, check that the cookie is correct and valid; allow login if so
• Invalidate the cookie for an account after any cookie login attempt

* This new behavior is gated by an authmethods config option (which defaults to only allowing password login) so this will not break the auto-login trick that leverages the current behavior on servers that don't support real cookies.

[yungcomputerchair]

Builds are failing due to deprecated GitHub Actions workflows, not my code :P