This great big stack of commits is a a whole load of hoop-jumping to make it easier to store additional values in login tokens, and then to actually store the SSO Identity Provider in the login token. (Making use of that data will follow in a subsequent PR.)

This has the side-effect of being able to remove use of `inlineCallbacks`
in the test-cases for cleaner tracebacks.

Changes `@cache_in_self` to use underscore-prefixed attributes.

All handlers now available via get_*_handler() methods on the HomeServer.

Record how long an access token is valid for, and raise a soft-logout once it
expires.

This was broken when device list updates were implemented, as Mailer
could no longer instantiate an AuthHandler due to a dependency on
federation sending.

The 'time' caveat on the access tokens was something of a lie, since we weren't
enforcing it; more pertinently its presence stops us ever adding useful time
caveats.

Let's move in the right direction by not lying in our caveats.

login with token (as used by CAS auth) was broken by 067596d3, such that it
always returned a 401.

I prefer the auth handler to worry about all auth, and register to call
into it as needed, than to smatter auth logic between the two.

I made the non-test seconds instead of ms, but not the test

This just replaces random bytes with macaroons. The macaroons are not
inspected by the client or server.

In particular, they claim to have an expiry time, but nothing verifies
that they have not expired.

Follow-up commits will actually enforce the expiration, and allow for
token refresh.

See https://bit.ly/matrix-auth for more information