This replaces our use of Shibboleth as the primary authentication mechanism with JSON Web Tokens. We still use Shib to get a user's identity, but we create a JWT with that identity, store it in a cookie, and use it for future requests. The benefits of this are outlined in the high-level docs included in this PR.
Before this goes into production, we need to do the following:
- Remove Shib protection from `/q`
- Add Shib protection specifically to `/q/auth/shib`
- Generate and store a secure secret in the `JWT_SECRET` environment variable
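An added sketch of the flow described above, not code from this PR: it mints a token for the identity Shib returns, builds the cookie, and verifies the token on later requests using only the Python standard library. HS256, the 32-byte minimum for `JWT_SECRET`, the `session` cookie name and its attributes, and every function name are assumptions.

```python
import base64, hashlib, hmac, json, os, secrets, time

def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def new_secret() -> str:
    # 48 random bytes from the OS CSPRNG; store the result in JWT_SECRET
    return secrets.token_urlsafe(48)

def load_secret() -> bytes:
    # Fail closed at startup instead of signing with an empty or weak key
    secret = os.environ.get("JWT_SECRET", "").encode()
    if len(secret) < 32:  # assumed floor, matches the HS256 digest size
        raise RuntimeError("JWT_SECRET missing or shorter than 32 bytes")
    return secret

def _sign(secret: bytes, signing_input: str) -> bytes:
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def issue_token(identity: str, secret: bytes, ttl: int = 3600, now=None) -> str:
    # Called once, after the Shib-protected endpoint has supplied the identity
    now = int(time.time() if now is None else now)
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": identity, "iat": now, "exp": now + ttl}
    body = header + "." + b64url_encode(json.dumps(claims).encode())
    return body + "." + b64url_encode(_sign(secret, body))

def session_cookie(token: str, ttl: int = 3600) -> str:
    # HttpOnly keeps the token away from page scripts; Secure keeps it off plain HTTP
    return f"session={token}; Path=/q; Max-Age={ttl}; HttpOnly; Secure; SameSite=Lax"

def verify_token(token: str, secret: bytes, now=None):
    """Return the identity for a valid, unexpired token, otherwise None."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        # Pin the algorithm: never let the token choose how it is verified
        if json.loads(b64url_decode(header_b64)).get("alg") != "HS256":
            return None
        expected = _sign(secret, header_b64 + "." + payload_b64)
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            return None
        claims = json.loads(b64url_decode(payload_b64))
        if (time.time() if now is None else now) >= claims["exp"]:
            return None
        return claims["sub"]
    except (ValueError, KeyError, TypeError, AttributeError):
        return None  # malformed input is treated the same as a bad signature
```
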