Refactor the login handler

The login handler is now a simpler, standalone http.Handler
wrapper. The separation between the SSO application and the login
handler is now fairly complete.

The login handler no longer forces the user to a specific workflow via
session cookies, but it works on a request-by-request basis instead,
which makes the "back" button works as expected (allowing the user to
bail out of a broken 2FA process, for example).

Session handling has been simplified as well: there is a single
session for authentication and login state, which should remove the
opportunity for session synchronization errors.
3 jobs for better-login in 3 minutes and 18 seconds (queued for 3 seconds)
Status Job ID Name Coverage
  Build Pkgsrc
passed #13956
build_pkgsrc:stretch

00:00:25

 
  Build Pkg
passed #13957
amd64
build_pkg:stretch:amd64

00:00:30

passed #13958
arm64
build_pkg:stretch:arm64

00:02:52