
feat: EdDSA token for database leakage/index mitigation#971

Draft
eternal-flame-AD wants to merge 1 commit into master from pk-token

Conversation

@eternal-flame-AD
Member

Fixes #325, supersedes #707

Backend should be working with tests now. I'm currently settling on a timestamp-based signature scheme like TOTP with a more relaxed window (+-15 minutes for now). Some early feedback would be appreciated.

TODO:

  • make the browser frontend sign tokens. It will probably work something like this: when you log in (or every time you reopen the web page) it will attempt to sign the request; if the server rejects that, we try a second time without signing it
  • UI improvement: amend the schema to differentiate errors between invalid tokens and expired signatures

Also refactored some tests that used to rely on hijacking the token generation function to be consistency/property-based.
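The scheme sketched above (an Ed25519 key pair on the client, a timestamp signed per request, a +-15 minute acceptance window, and distinct "invalid token" vs "expired signature" failures) as an added, self-contained illustration. This is example code written for this page, not the code in the PR branch: the signed message encoding (`pk-token-v0:` plus the Unix time in seconds), the `TokenStore` shape, the function names and the constructed clock value are all this example's assumptions. It uses only Go's standard `crypto/ed25519`.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"strconv"
)

// WindowSeconds is the +-15 minute acceptance window around the signed
// timestamp, as given in the PR description.
const WindowSeconds int64 = 15 * 60

var (
	ErrInvalidToken = errors.New("invalid token: unknown key or bad signature")
	ErrExpired      = errors.New("signature timestamp outside acceptance window")
)

// SignedToken is what the client presents on each request: its public key
// (which doubles as the stored identifier), the timestamp it signed, and the
// Ed25519 signature over that timestamp.
type SignedToken struct {
	PublicKey ed25519.PublicKey
	Timestamp int64
	Signature []byte
}

// signedMessage is this example's assumed encoding; the prefix domain-separates
// the timestamp so the signature cannot be replayed as a signature over some
// other protocol's message.
func signedMessage(ts int64) []byte {
	return []byte("pk-token-v0:" + strconv.FormatInt(ts, 10))
}

// GenerateKeyPair creates the client's Ed25519 key pair. Only the public half
// is ever sent to or stored by the server.
func GenerateKeyPair() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// SignAt produces the token the client sends, for the given Unix time.
func SignAt(priv ed25519.PrivateKey, now int64) SignedToken {
	return SignedToken{
		PublicKey: priv.Public().(ed25519.PublicKey),
		Timestamp: now,
		Signature: ed25519.Sign(priv, signedMessage(now)),
	}
}

// TokenStore stands in for the server database (an assumption of this
// example). It holds public keys only, so a leaked copy cannot be used to
// mint a valid SignedToken.
type TokenStore struct {
	users map[string]string // hex(public key) -> owner
}

func NewTokenStore() *TokenStore { return &TokenStore{users: map[string]string{}} }

func (s *TokenStore) Register(pub ed25519.PublicKey, owner string) {
	s.users[hex.EncodeToString(pub)] = owner
}

// Authenticate returns the token owner, ErrInvalidToken for an unknown key or
// bad signature, and ErrExpired for a genuine signature outside the window.
// The signature is checked before the window so the two failures stay distinct.
func (s *TokenStore) Authenticate(tok SignedToken, now int64) (string, error) {
	if len(tok.PublicKey) != ed25519.PublicKeySize {
		return "", ErrInvalidToken
	}
	owner, ok := s.users[hex.EncodeToString(tok.PublicKey)]
	if !ok {
		return "", ErrInvalidToken
	}
	if !ed25519.Verify(tok.PublicKey, signedMessage(tok.Timestamp), tok.Signature) {
		return "", ErrInvalidToken
	}
	skew := now - tok.Timestamp
	if skew < 0 {
		skew = -skew
	}
	if skew > WindowSeconds {
		return "", ErrExpired
	}
	return owner, nil
}

func main() {
	pub, priv, err := GenerateKeyPair()
	if err != nil {
		panic(err)
	}
	store := NewTokenStore()
	store.Register(pub, "alice")
	const now int64 = 1700000000 // constructed clock value for the demo
	fresh := SignAt(priv, now)
	fmt.Println(store.Authenticate(fresh, now+600))  // within window: owner returned
	fmt.Println(store.Authenticate(fresh, now+3600)) // an hour later: ErrExpired
	forged := fresh
	forged.Timestamp = now + 3600 // edit the timestamp without re-signing
	fmt.Println(store.Authenticate(forged, now+3600)) // ErrInvalidToken
}
```

Because the server only ever sees signatures over the current time, a captured token is useful for at most the window length, and a dump of the store yields nothing that can be signed with; the client's private key is the only secret. The explicit `ErrExpired` value is what a frontend would key on to implement the "retry without signing" fallback described above.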

@jmattheis
Member

Could you answer the questions in #966 (comment)?


Labels

None yet

Development

Successfully merging this pull request may close these issues.

Security: Store api token hashed

2 participants