Add more complicated Automation tests to auth system

[Zachiah]

1. Ensure that the /auth/api/authenticate route only gives jwt and sets jwt cookie when the token is valid
2. Ensure that when tokens (both email, and api) expire, they won't work for log in
3. Ensure that if tokens (both email, and api) are invalid, they won't work for log in