Improve authentication flow with auth token

[jsjoeio]

Add token exchange. Create token on server and use as a cookie on the client.

We should use this as a default and issue a deprecation warning to anyone using the old methods.

See: #3422 (comment)

Edit: VS Code web already has token auth that we disable, could we make use of this? Then it should be pretty easy.

[antofthy]

OR the ability to set the 'session token' the server is to use!

I am very interested in being able to pre-set the session token cookie in the users browser (where they have already been authenticated).

[jsjoeio]

Yes! That would be nice too.

Not a huge priority for us but if you wanted to take a swing or do some research, that would be welcome! I believe this functionality exists in VS Code. We would just have to use it and connect it with code-server's existing auth flow.