fix: userinfo /v1/session/userinfo should return authenticated=false if token has expired

[alexmt]

Closes #5687

PR rollbacks #5897 since it broke re-load feature. Instead it implements another approach that fixes #5687. The /v1/session/userinfo API should return {"authenticated": true} only if the provided token is valid and not expired. So only second commit eea45f1 needs review.

[alexmt]

cc @jMarkP . Sorry, during #5897 review I did not realize that UI needs token info from /v1/session/userinfo even if token is expired. This PR fixes issue in a different way: ensures that authenticated field in the /v1/session/userinfo response is false if token is expired (or not valid for some other reason)

[codecov]

Codecov Report

Merging #6282 (eea45f1) into master (b2f547e) will decrease coverage by 0.02%.
The diff coverage is 66.66%.

@@            Coverage Diff             @@
##           master    #6282      +/-   ##
==========================================
- Coverage   41.10%   41.08%   -0.03%     
==========================================
  Files         151      151              
  Lines       19931    19931              
==========================================
- Hits         8192     8188       -4     
- Misses      10611    10613       +2     
- Partials     1128     1130       +2     

Impacted Files	Coverage Δ
server/server.go	54.87% <62.50%> (-0.73%)	⬇️
util/session/sessionmanager.go	70.11% <100.00%> (ø)
util/settings/settings.go	46.75% <0.00%> (ø)

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update b2f547e...eea45f1. Read the comment docs.

[jMarkP]

Ah I see. Apologies for that. I'd come from the assumption that lapsed login === no login. Thanks for the fix!

[rbreeze]

LGTM!