Remove no-longer-needed transitional cookie code
Remove some code to do with transitioning already-logged-in users to our new separate API auth cookie. This code is no longer needed once all production users have been transitioned.
This PR shouldn't be merged until at least 30 days after https://github.com/hypothesis/h/pull/8861 is merged (by then all HTML auth cookies that might have been issued without an API auth cookie being issued by the same login response will have expired, so there won't be any more users logged in with just an HTML auth cookie and no API one).
With the changes in this PR, users will get a confusing error if the API cookie expires or gets removed but the main site cookie still exists. I did this by manually removing the cookie in browser dev tools, but I think we should assume that there are other ways it could happen.
The workaround for the user here is to log out and back in again, but this is not clear from the error message.
@seanh - Do you still plan to go ahead and land this as-is following our discussion at the end of last week or do you plan to make any changes?
We'll need to rebase this if we decide to merge it.
I've added a log message (https://github.com/hypothesis/h/pull/8889) so we can see whether this transitional cookie code is needed or not. Note that for the next 30 days we'd expect to see this message getting logged, after that maybe not.
This PR is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.