Personal tokens support

[rymsha]

Personal tokens are passwords that are not intended for humans to memorize. They are secure-random generated on demand, and shown only once to a user - when generated.

They can't be used for normal login, but should be used on management port for authentication.

[sigdestad]

We probably need to support it in lib-auth I guess, so any IDprovier may choose to support that?