Store login token instead of account password

[enkore]

The client should store the token only, not the account password. Should the token be rejected, then the user needs to log in again.

Ensure that the password is removed from data stores.

[julianseeger]

To distinguish this from #474: this is:

• ensuring that the password is removed from data stores
• ensuring that the login screen is shown to the user once the token gets invalid

while #474 is:

• ensuring that the auth token is stored persistently
• ensuring that the auth token is always used instead of username+password

(defined by me, criticism welcome ^^)