518 secure server session (#823)

* Adds authentication proof for server. (close #518)

* Rename fromm koa-crypto-session to crypto-session

* some more merging updates..

* make sure logged in account is used in notifications

* remove config.login_challenge_description

* depricate login_challenge call; don't call login_account if already logged in

* Sign login challenge with posting key only (active commented out). #518

* remove active verification from session.auth (probably temp)

* Fix challenge string sigining.

* remove some debug output

* remove some commented out code

* remove session.auth, use session.login_challenge instead, pass login_challenge as single token

* Small login challenge data-structure fix.

* Notifications api warning if not logged in.

* Notifications api warning if not logged in.

* Adjust notification api warning if not logged in

* should make it call /login_account even if page wasn't refreshed after logout

* small code rearrangment