topiary-io / topiary

a modern content management system

Set up user authentication for the admin #7

Open doesntgolf opened 8 years ago

doesntgolf commented 8 years ago

It looks to me like the best candidate package for handling auth will be httpauth. It supports various credential storage mechanisms, including file-based via gob from the standard library, and password hashing via bcrypt.

One alternative might be go-http-auth.

I'm not sure if we'll need to set up sessions and/or cookies right away, but if we will it'd probably be best handled (for now) by Gorilla toolkit's securecookie and sessions packages.

We should also allow for not using authentication, both for development purposes and because we need to support it in the long run (for local setups).

jbeane commented 8 years ago

Initial setup per cfedb71 commit. Went with httpauth.

To get it working in versions before this commit:

  1. copy auth.gob from topiary/admin/auth.gob to site home/admin/.
  2. username/password: admin/adminadmin

Things still needed, in no particular order:

  1. Ability to change your admin account info: name, email, password, role.
  2. A way for the admin roles to create and delete accounts.
  3. Implement roles to access different portions of the admin.
  4. Add user data to the template variables, e.g. Hello, Nated!
  5. Allow for the authentication to be turned off via config for development purposes (or auto log in as the admin account perhaps).
  6. Add link somewhere in the theme to point to new /manage-accounts/ page.

jbeane commented 8 years ago

Need a template for if you are logged in but not authorized to see the page based on role. Right now it just calls fmt.Println with the error that your role isn't high enough for the page.

Currently all pages are set to user which is the lowest role type, and I added the required role of admin to view the /manage-accounts/ page. It would be cool to be able to control the required roles for each page type from the config.

We should also define what types of roles we'll need, and whether we'll need the ability to manage them via config.
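The last two comments describe a config-driven role policy (a required role per page, a proper "not authorized" page instead of fmt.Println, and a switch to turn auth off for development). The following is an added example written for this thread, not code from the topiary project or from httpauth: a standard-library Go middleware that implements that policy. The role values, the `AuthConfig` shape, the `UserLookup` hook, the demo user table and the `X-Demo-User` header are all constructed for the example; in the project the lookup would wrap the auth package's current-user call.

```go
package main

import (
	"fmt"
	"html/template"
	"net/http"
	"net/http/httptest"
)

// Role is an ordered privilege level; a higher value grants access to
// everything a lower one can see. Values are assumptions for the example.
type Role int

const (
	RoleUser  Role = 30 // lowest role, the default for every page
	RoleAdmin Role = 80 // required for /manage-accounts/
)

// AuthConfig is the config-driven policy the thread asks for: the required
// role per page path, a default for everything else, and a development
// switch that bypasses authentication entirely.
type AuthConfig struct {
	Disabled    bool
	DefaultRole Role
	PageRoles   map[string]Role
}

// User is the minimal identity the middleware needs: a name for the
// template greeting and a role for the check.
type User struct {
	Name string
	Role Role
}

// UserLookup resolves the request's session to a user. It is a hypothetical
// hook so the policy logic can be exercised without a session store.
type UserLookup func(r *http.Request) (User, bool)

// forbiddenTmpl replaces the fmt.Println the thread complains about: the
// caller gets a 403 and a rendered page instead of an error on stdout.
var forbiddenTmpl = template.Must(template.New("403").Parse(
	`<h1>Not authorized</h1><p>Hello, {{.Name}}! Your role is not high enough to view this page.</p>`))

func (c AuthConfig) requiredRole(path string) Role {
	if r, ok := c.PageRoles[path]; ok {
		return r
	}
	return c.DefaultRole
}

// RequireRole wraps a handler with the three outcomes the thread describes:
// anonymous -> redirect to login, role too low -> 403 template, otherwise pass.
func RequireRole(cfg AuthConfig, lookup UserLookup, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if cfg.Disabled { // development mode: no auth at all
			next.ServeHTTP(w, r)
			return
		}
		u, ok := lookup(r)
		if !ok {
			http.Redirect(w, r, "/login/", http.StatusSeeOther)
			return
		}
		if u.Role < cfg.requiredRole(r.URL.Path) {
			w.WriteHeader(http.StatusForbidden)
			_ = forbiddenTmpl.Execute(w, u)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// DemoConfig is a constructed policy: every page needs "user", the account
// management page needs "admin".
func DemoConfig() AuthConfig {
	return AuthConfig{
		DefaultRole: RoleUser,
		PageRoles:   map[string]Role{"/manage-accounts/": RoleAdmin},
	}
}

// demoUsers is a constructed user table standing in for the credential store.
var demoUsers = map[string]User{
	"alice": {Name: "Alice", Role: RoleUser},
	"bob":   {Name: "Bob", Role: RoleAdmin},
}

// headerLookup is a test-only session stand-in: the username travels in a
// request header. A deployed lookup must come from the server-side session,
// never from a header the client controls.
func headerLookup(r *http.Request) (User, bool) {
	u, ok := demoUsers[r.Header.Get("X-Demo-User")]
	return u, ok
}

// StatusFor runs one request through the middleware and returns the HTTP status.
func StatusFor(cfg AuthConfig, username, path string) int {
	okHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.WriteHeader(http.StatusOK)
	})
	req := httptest.NewRequest(http.MethodGet, path, nil)
	if username != "" {
		req.Header.Set("X-Demo-User", username)
	}
	rec := httptest.NewRecorder()
	RequireRole(cfg, headerLookup, okHandler).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	cfg := DemoConfig()
	fmt.Println("alice /manage-accounts/:", StatusFor(cfg, "alice", "/manage-accounts/")) // 403
	fmt.Println("bob /manage-accounts/:", StatusFor(cfg, "bob", "/manage-accounts/"))     // 200
	fmt.Println("anonymous /:", StatusFor(cfg, "", "/"))                                  // 303
	cfg.Disabled = true
	fmt.Println("auth disabled, anonymous /manage-accounts/:", StatusFor(cfg, "", "/manage-accounts/")) // 200
}
```

The comparison `u.Role < required` is what makes roles hierarchical: an admin automatically passes every "user" page. Keeping `PageRoles` as data rather than code is what lets the required role for each page type come from the config file, and `Disabled` is deliberately checked first so a development setup never touches the credential store at all.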