Convert basic http auth into more standard user system to avoid URL lockups (for system admins in production). #99

Open
zorn opened this issue Nov 14, 2024 · 0 comments


zorn commented Nov 14, 2024

We currently use a deployment-configured HTTP Basic auth for the system admin pages of this app:

flick/config/runtime.exs, lines 72 to 83 in 39873e9:

```elixir
# We do basic auth for the admin index in production.
basic_auth_username =
  System.get_env("BASIC_AUTH_ADMIN_USERNAME") ||
    raise """
    Environment variable BASIC_AUTH_ADMIN_USERNAME is missing.
    """

basic_auth_password =
  System.get_env("BASIC_AUTH_ADMIN_PASSWORD") ||
    raise """
    Environment variable BASIC_AUTH_ADMIN_PASSWORD is missing.
    """
```

This works, but it is clunky since once you authenticate those basic HTTP credentials, they stick to other pages and cause the site to lock up.

This is only a problem for the admin and can easily be worked around by using separate browsers or other separation tools (like Firefox containers).

We could add real user authentication to avoid this, but it seems like a heavy lift for limited gains.

If we were interested in user registration for the main app we could piggyback on it, but atm I don't think we will offer normal user registration.

Capturing for now, but likely not doing anything with this yet.
