require authentication for everything of the API (global auth token)

Right now we don't require authentication for things like login or signup, which might leak for an attacker your list of providers and allow them to inject providers into it.

To do that the proposed solution is to have one single global authentication token shared for all accounts. This have problems in a multy-tenancy situation where one single bitmaskd is shared between multiple users. This might not be a case that we need to solve now. Anyway in the future might make sense to have one authentication token per tenant, and each tenant might have multiple accounts logged in.