remove unuseful aes file #656

Merged
merged 1 commit into from
Jul 16, 2024

Mathias-AURAND
Contributor

I propose to remove the unuseful aes file, which is automatically created when we launch the app

@rkunnema
Member

Wow, this was possible? Amazing! 😮 Do we lose anything here? A quick query to Google gives:

https://www.yesodweb.com/book/sessions

By default, your Yesod application will use clientsession for its session storage, getting the encryption key from the client client-session-key.aes and giving a session a two hour timeout. [..]
One simple way to override this method is to simply turn off session handling; to do so, return Nothing. If your app has absolutely no session needs, disabling them can give a bit of a performance increase. But be careful about disabling sessions: this will also disable such features as Cross-Site Request Forgery protection.

Are we using sessions? Is CSRF something we try to protect against?

@jdreier
Member

jdreier commented Jun 27, 2024

Since we are only running locally, I think we do not care about CSRF. Since the creation of the aes file sometimes causes problems, the idea is to avoid creating it. But if this causes other issues, please let us know.

@rkunnema
Member

CSRF could come from another website trying to get your tamarin instance to do ... something? I think you can only get it to perform valid proofs and the oracles are trusted when you start the server, though.

@cascremers
Member

We do need to think about the case where Tamarin is run on a remote server. I don't see an immediate problem but we should think this through properly.

@jdreier
Member

jdreier commented Jul 16, 2024

We had some offline discussions; it seems that in our situation this can be acceptable. Merging. Solves #603

@jdreier jdreier merged commit cbfe6c4 into tamarin-prover:develop Jul 16, 2024
1 check passed