opendevstack / ods-provisioning-app

Provisioning app, which triggers project and component provisions (including Jira / Confluence / BitBucket and OCP resource creation)
Apache License 2.0

add form based auth in spa #669

Closed: netzartist closed 3 years ago

netzartist commented 3 years ago

Fixes #637

Feature: When API requests answer with a 401 return code, display a login page which sends login credentials to an auth URL (see environments/*) via basic auth to receive a (new) JSESSIONID cookie

Expanded client/README with config instruction for SSL localhost setup

Open question: Is an explicit logout button necessary?

stitakis commented 3 years ago

@netzartist yes, from a security point of view a logout button is required to give the user a way to terminate a session. To log out, an HTTP POST request needs to be sent to this endpoint: /logout
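
The flow from the PR description and the logout reply above, as an added example that is not code from this PR: a client wrapper that logs in via basic auth when an API request returns 401, retries once, and logs out with a POST to /logout. The `authUrl` parameter, the GET method used on it, the injected `fetchImpl` and `promptCredentials`, and all function names are assumptions.

```javascript
// Added example: names and the GET method on the auth URL are assumptions.
function basicAuthHeader(username, password) {
  // btoa() only accepts Latin-1, so encode the pair as UTF-8 bytes first.
  const bytes = new TextEncoder().encode(`${username}:${password}`);
  return 'Basic ' + btoa(String.fromCharCode(...bytes));
}

function createSessionClient({ fetchImpl, authUrl, logoutUrl = '/logout', promptCredentials }) {
  // Send credentials once via basic auth; the server answers with a
  // JSESSIONID cookie that the browser stores, so nothing is kept here.
  async function login() {
    const { username, password } = await promptCredentials();
    const res = await fetchImpl(authUrl, {
      method: 'GET',
      credentials: 'include',
      headers: { Authorization: basicAuthHeader(username, password) },
    });
    return res.ok;
  }

  // Wrap API calls: on 401 show the login form, then retry exactly once
  // so a rejected login cannot turn into a request loop.
  async function request(url, init = {}) {
    const opts = { ...init, credentials: 'include' };
    const first = await fetchImpl(url, opts);
    if (first.status !== 401) return first;
    if (!(await login())) return first;
    return fetchImpl(url, opts);
  }

  // Terminate the session with a POST to the logout endpoint from the thread.
  async function logout() {
    const res = await fetchImpl(logoutUrl, { method: 'POST', credentials: 'include' });
    return res.ok;
  }

  return { request, login, logout };
}
```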

stitakis commented 3 years ago

@netzartist is this fix compatible with SSO? Does it fall back to basic auth if SSO is not working? Does it include the required backend changes? If not, I propose we convert this PR to a draft one until it is complete... sounds good?

netzartist commented 3 years ago

@stitakis How could the app know that SSO is not available, is there an endpoint which I can ping to get a true|false flag?

stitakis commented 3 years ago

@netzartist I've changed the title of the issue to better reflect the solution

stitakis commented 3 years ago

@renedupont because I have made some changes, I have removed myself from the list of reviewers; can you please review the backend changes?

stitakis commented 3 years ago

@netzartist from a backend point of view, this is ready for PR review

netzartist commented 3 years ago

@cschweikert I'd be happy to have you review the frontend changes. We've reduced the scope to login functionality; logout logic will be tackled further in another PR.