Do not save user credentials in LocalStorage #131

@lorenzleutgeb

Description

By merging this we now save the user password in LocalStorage. AFAIK we did not do that beforehand; anyway, it is way less secure: tokens expire automatically, a password does not. It is also prone to side-channel attacks on obtaining the user's password.

We should only save tokens, and we should only save them in an HTTP(S)-only cookie, that's why I implemented PUT /cookie earlier. We're stepping back in security hugely here.

CC: @victorbalan
