Refactoring of auth

[pixeltopic]

refreshedToken should be renamed to token, and should always return either the currently valid token or a refreshed token. The frontend will update the token on each call. The refreshed or current auth token should be sent in res.locals instead of req.auth.

[pixeltopic]

Turns out this is a possible security issue, where if endpoints are called simultaneously it is possible that multiple jwts will be generated. Look into axios interceptors on the frontend

[pixeltopic]

• Removed refreshToken middleware from all routes as this should only be called by the axios interceptor from the client.
• Begun modification of status codes. Make sure 401 status codes are only set when the token must be refreshed,
• Start refactoring all error to message in responses.

[pixeltopic]

• refreshToken is now standalone and is only used by the /api/refreshtoken endpoint.
• verifyToken is no longer reliant on refreshToken. Has also been rewritten. Code is now a lot easier to read :)