Rework sessions, remember cookies, and auth again

- Use Symfony's Session component to work with sessions, instead of a custom database model. Separate the concept of access tokens from sessions once again.
- Extract common session/remember cookie logic into SessionAuthenticator and Rememberer classes.
- Extract AuthenticateUserTrait into a new AuthenticationResponseFactory class.
- Fix forgot password process.

src/Api/Controller/TokenController.php

@@ -13,7 +13,7 @@ namespace Flarum\Api\Controller;
 use Flarum\Core\Exception\PermissionDeniedException;
 use Flarum\Core\Repository\UserRepository;
 use Flarum\Http\Controller\ControllerInterface;
-use Flarum\Http\Session;
+use Flarum\Http\AccessToken;
 use Illuminate\Contracts\Bus\Dispatcher as BusDispatcher;
 use Illuminate\Contracts\Events\Dispatcher as EventDispatcher;
 use Psr\Http\Message\ServerRequestInterface;
@@ -64,13 +64,12 @@ class TokenController implements ControllerInterface
             throw new PermissionDeniedException;
         }
 
-        $session = $request->getAttribute('session') ?: Session::generate($user);
-        $session->assign($user)->regenerateId()->renew()->save();
+        $token = AccessToken::generate($user->id);
+        $token->save();
 
         return (new JsonResponse([
-            'token' => $session->id,
+            'token' => $token->id,
             'userId' => $user->id
-        ]))
-            ->withHeader('X-CSRF-Token', $session->csrf_token);
+        ]));
     }
 }