Database: Setup authentication API

[frey-mz]

• [x] setup authentication api (returns session token)

[frey-mz]

the intended api has two parts

server-side:

• [x] registration: receive a {email, password_hash} (or hash the password serverside) and then return a session token or a error message (accounting for duplicate emails, etc)
• [x] login: receive a {email, password_hash} and then return a session token or a error message (mismatched password, etc)
• [x] token_match: receive a session token and then return whether it is valid or not

token is optional, but it is normal practice to save a client sided token for authentication purposes, you can code this without a token match and just have registration/login return if the call was valid or not

registration calls should add a new user to the 3rd party database login calls should replace a user's session token in the 3rd party database token calls should not mutate the db