Switch to cookie for storing token

[chadweimer]

Storing the jwt in local storage is not secure. For a recipe site, probably not a major concern, but using a same site, httponly cookie would be better.

Useful links:

• https://www.sohamkamani.com/golang/jwt-authentication/
• https://swagger.io/docs/specification/authentication/cookie-authentication/
• https://mannharleen.github.io/2020-03-19-handling-jwt-securely-part-1/

[chadweimer]

The server side of this is really easy. I made an initial attempt and the sticking point is a better way to track logged in state on the client, which I am sure there's a pretty standard way of doing.