Closed jschmidtnj closed 4 years ago
New plan: use a token-based system with scoped permissions. This should be done using OAuth for the scopes. See https://developer.github.com/v4/guides/forming-calls/#authenticating-with-graphql for a GraphQL authentication example, and https://docs.github.com/en/github/authenticating-to-github/creating-a-personal-access-token for an example access token. The scopes should be passed in the GraphQL context to each request. Regex will be used to determine if it's a JWT token (with some default expiration) or a custom token (with variable expiration). See https://github.com/sindresorhus/crypto-random-string.
Access scope level should be in an array in the JWT token. The auth data can be cached, with the key being the personal access token data from the database, to prevent too many read requests. The CLI should have 2 options for login: one with entering the access token (should be the default), and the other with the login page (JWT expiration length should be increased).
Rate limiting!
With the latest commit I added basic scoped permissions and token CRUD. Need to add rate limiting and scope implementations still.
Added pages for adding the tokens. Did not actually implement the API endpoints yet.
This is somewhat complete now.
These keys should be secure (like RSA or something), rate limited, and have scoped permissions.