Server-side user authentication

[danielesteban]

The servers need to be able to identify a logged-in user for future server-side features. In order not to send the whole session token to a third party server this will require:

• [ ] An endpoint for a user to get a session token scoped by server
• [ ] An endpoint for the severs to verify a scoped session token signature
• [ ] Implement support on the servers for this auth workflow and the storage of their session token and status
• [ ] Implement fetching a scoped token and sending it while while conecting to a server on the client.