* Split and move auth into a separate package
This change will make it easier to implement additional authentication
methods, such as OpenID Connect. For now, only the existing "apikeys"
authentication method is supported.
* Use absolute site prefix to prevent redirect loop
mutantmonkey