Load/store FAST keys for auto_login.

[kousu]

Also clean up FAST and SCRAM keys on log out; otherwise, the credentials are still in the browser, and could be stolen, or reused simply by someone who knows to redefined conversejs-session-jid in localStorage.

Fixes #3144

Depends on strophe/strophejs#840. The bulk of the work is in that pull.

TODO:

• This renames reuse_scram_keys to reuse_keys to cover both FAST and SCRAM, so it should probably get a backwards-compatibility shim for the old name.
• Drop my development environment edit to package.json (without there's no way to test because both repos need to be in sync)

---

Before submitting your request, please make sure the following conditions are met:

• Add a changelog entry for your change in CHANGES.md
• When adding a configuration variable, please make sure to
  document it in docs/source/configuration.rst
• Please add a test for your change. Tests can be run in the commandline
  with make check or you can run them in the browser by running make serve
  and then opening http://localhost:8000/tests.html.

[kousu]

Demo:

Logging in with a password and catching a FAST token

The token is in IndexedDB:

Upon reloading, logs in using FAST:

Upon logging out, the token is wiped from memory:

[kousu]

I chose to repurpose reuse_scram_keys to also cover FAST because they are so similar. But there's other options

• add a separate reuse_fast_keys option
• make FAST always enabled, or maybe just a fast that defauls to true.

I'm not sure how is best or what your preferences are. Lemme know :)

[kousu]

Ah I imagine before this lands I'll have to redo it against 4.0. Hopefully it's not too complicated :)

[jcbrand]

Hi @kousu, thank you for the effort you've put into this so far. I'm just writing to let you know this is still on my radar and I plan to do an in-depth review soon.