Allow server admins to retrieve an authentication token for any other user

First proposal is a new endpoint /_login_as/<username>, but could be any
other endpoint, even included in /_session, this is just to demonstrate
the feature.
1 file changed