[x] review storing the encryption key for checking in the http service
[x] is it ok that we only support the http usecase for now? - I think we can rely on standard PC unlock screen for Wails.
[ ] review cookie structure
[x] return to previous URL functionality after logging in
[x] proper password check on startup
[x] setup page can currently be accessed if the app is running without a password - a malicious user could then change the node backend. I think this should be locked if the app is running
[x] prevent brute forcing passwords - currently rate limited at 1 request per second
TODO