Session fixup

A significant change to the app storage and the API:

  • heavily documents as much as possible using JSDoc
  • open API auto-generated end-points using swagger and jsdoc, available at http://hostname:port/api-docs
  • encrypts the parent key on disk using a password
  • adds session-based authentication. password provided is verified against a hashed password, before decrypting the parent key
  • this happens after POST /api/auth, so creates two new functions lock and unlock to open/close an authenticated session
  • once authenticated, you can create and switch between multiple identities. spaces/seeders/etc are scoped by identity.
  • all space addresses / names are now stored in a single leveldb, which we sublevel for spaces/replicators/seeders/identities
  • changes the API layout to pass around an API object that's a Map - tried using node-dependency-injection, but we just don't need it, and having used it, it doesn't work v. well with what we've built, too many arguments are required in the constructor, to make it work in tandem with the way it's designed would mean a total overhaul. I have made use of some of the design patterns
  • refactors shared logic into 'services' and removes some circularity in the controllers
  • refactors create/update/delete logic into factory classes
  • removes dependency on '@coboxcoop/repository', rips it out and uses a much simpler getter/setter class, see: lib/cache.js

this MR should make it easy to implement full on-disk encryption, it's halfway there, we need to encrypt leveldb entries, the indexes and space encryption keys (which could go in leveldb?) either using the password as a symmetric key or using a 'main' keypair derived from the parent key.

still todo:

  • finish writing service tests
  • write integration tests / route tests
Edited by Kieran
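
The unlock/lock flow described above (verify the password against a stored hash, then decrypt the parent key), as an added sketch that is not code from this merge request. The KDF (scrypt), the cipher (AES-256-GCM), the record layout and the names seal, unlock, lock and session are all assumptions; the description does not say which primitives the project uses.

```javascript
const { scryptSync, randomBytes, createCipheriv, createDecipheriv,
  timingSafeEqual } = require('node:crypto');

// Assumed scrypt cost parameters; maxmem is raised because N=2^15, r=8 needs ~32 MiB.
const KDF = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };
const derive = (password, salt) => scryptSync(password, salt, 32, KDF);

// Build the record written to disk: a salted password hash plus the wrapped
// parent key. Separate salts keep the stored hash unrelated to the wrapping key.
function seal(password, parentKey) {
  const hashSalt = randomBytes(16);
  const keySalt = randomBytes(16);
  const iv = randomBytes(12);
  const cipher = createCipheriv('aes-256-gcm', derive(password, keySalt), iv);
  const ciphertext = Buffer.concat([cipher.update(parentKey), cipher.final()]);
  return { hashSalt, passwordHash: derive(password, hashSalt),
    keySalt, iv, ciphertext, tag: cipher.getAuthTag() };
}

// The decrypted parent key lives in memory only between unlock and lock.
const session = { parentKey: null };

function unlock(record, password) {
  const candidate = derive(password, record.hashSalt);
  // Constant-time comparison; reject before any key material is derived.
  if (!timingSafeEqual(candidate, record.passwordHash)) return false;
  const kek = derive(password, record.keySalt);
  const decipher = createDecipheriv('aes-256-gcm', kek, record.iv);
  decipher.setAuthTag(record.tag);
  // final() throws if the ciphertext or tag was modified on disk.
  const key = Buffer.concat([decipher.update(record.ciphertext), decipher.final()]);
  kek.fill(0);
  session.parentKey = key;
  return true;
}

function lock() {
  if (session.parentKey) session.parentKey.fill(0); // best-effort wipe
  session.parentKey = null;
}
```

The GCM tag means a modified key file fails loudly at unlock instead of yielding a wrong parent key, which the password hash check alone would not catch.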
