the login call should not send the auth token

Currently the frontend sends the auth token in the login call even if the user was logged out.

We need to make sure these two things are fixed:

- [ ] remove any tokens and resetting the localstorage after logout
- [ ] do not send any auth headers for the login path, even if they might be present