Rework sessions, remember cookies, and auth again

- Use Symfony's Session component to work with sessions, instead of a custom database model. Separate the concept of access tokens from sessions once again.
- Extract common session/remember cookie logic into SessionAuthenticator and Rememberer classes.
- Extract AuthenticateUserTrait into a new AuthenticationResponseFactory class.
- Fix forgot password process.

src/Core/Access/AssertPermissionTrait.php

@@ -10,6 +10,7 @@
 
 namespace Flarum\Core\Access;
 
+use DateTime;
 use Flarum\Api\Exception\InvalidAccessTokenException;
 use Flarum\Core\Exception\PermissionDeniedException;
 use Flarum\Core\User;
@@ -74,7 +75,7 @@ trait AssertPermissionTrait
     {
         $session = $request->getAttribute('session');
 
-        if (! $session || ! $session->isSudo()) {
+        if (! $session || $session->get('sudo_expiry') < new DateTime) {
             throw new InvalidAccessTokenException;
         }
     }

src/Core/User.php

@@ -31,7 +31,6 @@ use Flarum\Event\UserEmailChangeWasRequested;
 use Flarum\Event\PrepareUserGroups;
 use Flarum\Core\Support\ScopeVisibilityTrait;
 use Flarum\Core\Support\EventGeneratorTrait;
-use Flarum\Core\Exception\ValidationException;
 
 /**
  * @property int $id
@@ -135,7 +134,7 @@ class User extends AbstractModel
 
             $user->read()->detach();
             $user->groups()->detach();
-            $user->sessions()->delete();
+            $user->accessTokens()->delete();
             $user->notifications()->delete();
         });
 
@@ -654,13 +653,13 @@ class User extends AbstractModel
     }
 
     /**
-     * Define the relationship with the user's sessions.
+     * Define the relationship with the user's access tokens.
      *
      * @return \Illuminate\Database\Eloquent\Relations\HasMany
      */
-    public function sessions()
+    public function accessTokens()
     {
-        return $this->hasMany('Flarum\Http\Session');
+        return $this->hasMany('Flarum\Http\AccessToken');
     }
 
     /**