GTGOnline
API: should use an identity token
The API currently uses the email/password in each request to identify the user. A better way to do it would be:
- Replace the POST user/auth_gtg method with a GET method, taking as parameters the email and password, and returning an API token if auth is successful, null if unsuccessful.
- Replace the email/password pair with the token in every other call
Ideally, the user/auth_gtg method should take an additional parameter, an app ID. Even if not used right now, it could be useful later to let the user revoke specific tokens.
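
The token flow proposed above, as an added example that is not part of the original issue or GTGOnline's code: `auth_gtg` returns a token or `None`, every other call resolves the token to a user, and the app ID lets one app's tokens be revoked without touching the rest. The in-memory tables, the sample account, and the names `user_for_token` and `revoke_app` are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

_SALT = b"constructed-salt"  # constructed value for the sample account


def _pw_hash(password):
    # Stand-in for the framework's password hasher (assumption).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)


# Constructed sample data: one account, no tokens issued yet.
USERS = {"alice@example.org": _pw_hash("correct horse")}
TOKENS = {}  # sha256(token) -> (email, app_id); the raw token is never stored


def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()


def auth_gtg(email, password, app_id):
    """Return a fresh API token, or None if the credentials are wrong."""
    expected = USERS.get(email)
    supplied = _pw_hash(password)
    if expected is None or not hmac.compare_digest(expected, supplied):
        return None
    token = secrets.token_urlsafe(32)
    TOKENS[_digest(token)] = (email, app_id)
    return token


def user_for_token(token):
    """Identify the caller of any other API method; None if unknown or revoked."""
    entry = TOKENS.get(_digest(token))
    return entry[0] if entry else None


def revoke_app(email, app_id):
    """Delete only the tokens this user issued to one app; return the count."""
    doomed = [d for d, owner in TOKENS.items() if owner == (email, app_id)]
    for d in doomed:
        del TOKENS[d]
    return len(doomed)
```

Because only a digest of each token is kept, a leaked token table does not hand out usable tokens, and the password itself is sent once per app instead of on every request.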