`POST login.json` to set admin cookie

[shish]

Mixing the code for "manage session ID" and "manage is-admin boolean" on the client is hard, and the code for logging in with a password is there already...

Having an API function which accepts this password and sets the admin cookie for us is actually easier than setting the cookie for ourselves, and it's easy to replace with some real authentication if we want to do that in the future.

[calaldees]

Having a place-holder for real authentication sounds sensible. The curl examples in README.md will need updating.

[shish]

The curl examples in README.md will need updating.

At the moment they still work as-is, because "call login.json with the correct password" and "manually change the session_id in your cookie" are the same thing :3