Support for full-screen login using local users and bcrypt rather than WWW-Authenticate #144

@patrickdappollonio

Currently, http-server only supports a single user and authentication via Basic Auth with WWW-Authenticate.

Several users have shown that they want a way to provide authentication, and delegating it or offsetting it to an external entity might be too complicated, so they've not used it and instead resort to something like oauth2-proxy in front of http-server, which makes the maintenance upkeep quite high.

We should be able to support something like a flag or environment variable or as part of the configuration file of a string that contains a combination of users to bcrypt-hashed passwords that the app should allow or deny access.

An expansion of this could also be adding support for users to require authentication to specific paths.

For the former, I envision something like:

# user: robert; pass: 12345
# single quotes keep a shell from expanding the "$" fields of the bcrypt hash
HTTP_SERVER_USERS='robert:$2a$10$iklK23goYD6DSsw4HHg7T.LkDdbSS81HSA09ib8uglW/d/6aqdmDS'

And a flag or setting to enable system-wide authentication (say, --require-auth).

And for the permission system it could be a configuration file with:

require_auth:
- path: /foo/bar/baz
  users: ["robert"]

Not sure what this means for delegated auth using JWT. From what I've seen in the open and due to experience reports, nobody seems to be using that feature. Do we just drop it in v2 or do we need to launch v3 and provide support for this kind of authentication?
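
One way the proposed HTTP_SERVER_USERS value and require_auth rules could be loaded and enforced, added here as an example and not http-server's own code. The comma between user pairs, the Rule type and the function names are assumptions; checking a submitted password against the stored hash is left to a bcrypt library and is not shown.

```go
package main

import (
	"fmt"
	"path"
	"regexp"
	"slices"
	"strings"
)

// Modular-crypt layout of a bcrypt hash: version, cost 04-31, 53 chars of salt+digest.
var bcryptRe = regexp.MustCompile(`^\$2[aby]\$(0[4-9]|[12][0-9]|3[01])\$[./A-Za-z0-9]{53}$`)

type Rule struct { // one entry of the proposed require_auth list (hypothetical type)
	Path  string
	Users []string
}

// ParseUsers reads comma-separated user:hash pairs (the comma is an assumption).
func ParseUsers(s string) (map[string]string, error) {
	users := map[string]string{}
	for _, pair := range strings.Split(s, ",") {
		name, hash, ok := strings.Cut(strings.TrimSpace(pair), ":")
		if !ok || name == "" || !bcryptRe.MatchString(hash) {
			return nil, fmt.Errorf("entry for %q is not user:bcrypt-hash", name)
		}
		users[name] = hash
	}
	return users, nil
}

// Allowed cleans the request path and matches whole segments, so a rule for
// /foo/bar/baz covers /foo/bar/baz/x but not /foo/bar/bazaar.
func Allowed(rules []Rule, reqPath, user string) bool {
	p := path.Clean("/" + reqPath)
	for _, r := range rules {
		root := strings.TrimSuffix(path.Clean("/"+r.Path), "/")
		if p == root || strings.HasPrefix(p, root+"/") {
			return slices.Contains(r.Users, user) // protected: listed users only
		}
	}
	return true // no rule covers this path
}

func main() {
	users, err := ParseUsers("robert:$2a$10$iklK23goYD6DSsw4HHg7T.LkDdbSS81HSA09ib8uglW/d/6aqdmDS")
	rules := []Rule{{Path: "/foo/bar/baz", Users: []string{"robert"}}}
	fmt.Println(len(users), err, Allowed(rules, "/foo/bar/baz/report.txt", "robert"))
}
```

Rejecting values that are not bcrypt-shaped at startup keeps a plaintext password pasted into the variable from being silently accepted as a hash that can never match.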
