feat: Implement email/password and X OAuth authentication, replacing the dev-login mechanism.

test/auth.test.js

@@ -30,13 +30,12 @@ test("clearUserCookie expires session cookie", () => {
   assert.match(cookie, /Max-Age=0/);
 });
 
-test("getAuthenticatedUserId prefers x-user-id header", () => {
+test("getAuthenticatedUserId resolves from cookie only", () => {
   const userId = getAuthenticatedUserId({
-    "x-user-id": "header-user",
     cookie: "xartaudio_user=cookie-user",
   });
 
-  assert.equal(userId, "header-user");
+  assert.equal(userId, "cookie-user");
 });
 
 test("getAuthenticatedUserId falls back to cookie", () => {