Restrict session creation (single-session mode)

[jwaldmann]

Currently, anyone who has, or has guessed, the server url, can create a session.

Sure, the session is only a text buffer, but - if I am running a server, I don't want it
to be known as a free-for-all message exchange site.

Could we have this as an alternative (to be chosen when starting the server):

• when the server is started (from the cmd line), a session is created,
• no session can be created via GUI. (the "home page" does not need to exist.)

The server could then print the session token to stdout, this would make it easier to start the repl. In fact, in this mode of operation, the server could (optionally) start the repl.

[munshkr]

We can add a --single-session option to flok-web. As you mentioned, this would generate a unique session and only expose the /s/[session_id] route for that session only.