concerto / bandshell

A Local Management Utility for the Concerto Player

Concerto Screen Auth integration #13

Closed mikldt closed 10 years ago

mikldt commented 11 years ago

Integrate with Concerto to allow non-interactive setup past URL entry, as well as authenticated connections. Reminder: this will not be 'secure' in any real sense unless https is in use and enforced, so we need to make sure that the user has the option to do that and that we carry that through all requests.

Workflow might look something like this:

  1. User enters Concerto root URL into /setup.
  2. Bandshell writes the root URL to config. It then retrieves a temporary token from Concerto Server frontend.
  3. Temporary token is displayed on Screen, user uses it to create a new screen in the concerto panel. Note: this will involve a new action, perhaps /auth.
  4. Bandshell polls concerto server using temporary token, finds the new screen, and receives a permanent authorization token. Authorization token stored in configs.
  5. Javascript in local browser polls local server to get the token.
  6. JavaScript uses token in a POST request to /frontend on Concerto. Note: need to check for XSS limitations here
  7. The server redirects to the screen's actual frontend and also sends a cookie containing the provided authorization token so it can be used on subsequent frontend API requests.

mikldt commented 11 years ago

Currently blocked by Concerto#712

mikldt commented 10 years ago

Closed by 6b63780. We now have a basic workflow in place for authenticating the screen.

The only difference from the workflow in the issue is that bandshell does not poll autonomously; the polling of the server happens based on the JavaScript in the local browser polling bandshell. When we have daemon code (screen on/off, etc.) running in the background in the future, it could potentially cause bandshell to poll the server as well.
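
Steps 2 through 4 of the workflow, with polling driven by the local browser as the closing comment describes, as an added Ruby sketch that is not Bandshell's or Concerto's own code. `MockConcerto`, `Player`, their methods, the single-use release of the permanent token and the `allow_insecure` switch are all assumptions made for illustration.

```ruby
require 'securerandom'
require 'uri'

# Hypothetical in-memory stand-in for the Concerto server side of the pairing.
class MockConcerto
  def initialize
    @pending = {} # temp token => permanent token (nil until a user claims the screen)
  end

  # Step 2: hand out a short temporary token for the player to display.
  def issue_temp_token
    token = SecureRandom.hex(3)
    @pending[token] = nil
    token
  end

  # Step 3: a logged-in user enters the temp token in the panel to create the screen.
  def claim_screen(temp_token)
    return false unless @pending.key?(temp_token)
    @pending[temp_token] = SecureRandom.hex(32)
    true
  end

  # Step 4: the permanent token is released once, then the temp token is forgotten.
  def poll(temp_token)
    return nil unless @pending[temp_token]
    @pending.delete(temp_token)
  end
end

# Hypothetical player-side logic: refuse a non-https root URL unless explicitly allowed.
class Player
  attr_reader :config
  def initialize(server, root_url, allow_insecure: false)
    scheme = URI.parse(root_url).scheme
    raise ArgumentError, 'root URL must be https' unless scheme == 'https' || allow_insecure
    @server = server
    @config = { 'concerto_url' => root_url }
  end

  def begin_pairing
    @temp_token = @server.issue_temp_token
  end

  # Called each time the local browser's JavaScript polls the player.
  def check_pairing
    @config['auth_token'] ||= @server.poll(@temp_token)
  end
end
```
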