The type is already encoded in the resource ID, but this is handy for
API clients so that they do not need to parse resource IDs.

Make it possible for the sso-server to fetch the recovery hint using
the same API.

It makes more sense to have this directly on the User object.

Adds UIDs to users, websites, DAV accounts.

Assign a random UID to newly created users, and ensure that all
associated resources have the same UID as well.

Check passwords and recovery responses directly against backend data.

Still doesn't entirely solve the problem of encoding the U2F
registration requests on the client side (we should probably just
accept a bytestring), but all the important functionality is there.

Also set an initial user password, and random passwords for all its
resources, on a CreateUser request.

Rename queryConfig to queryTemplate to better reflect its purpose, and
drop all cruft that had to do with config deserialization.

Txn

See merge request !1

Simplifies the code in AccountService a bit, moving more logic into
the request types. The authentication and authorization bits have been
split into a separate authService type for clarity.

Let the server fill in default values for resource and user creation.

By adding a User to the resource validation context, we can implement
more complex checks like verifying that websites have an associated
DAV account, or that the parent resource of a database is actually a
website.