Anonymous sessions are now algorithmic (to save database resources). Crucial session info is stored inside the cookie value (or access token) in a signed JWT format.
Anonymous algorithmic sessions have no expiration.
Added an anonymous session counter metric.
PKCE info is now stored in the authorization code collection rather than inside the session object.
closes #223
Changes