This is required to support ebook downloads which the Kobo device emits
without any auth headers.
* Also some other small bug fixes discovered during device testing.
* Add proper authorization checks on the new Kobo endpoints.
Important Note: As a side-effect, all CalibreWeb API calls can be
authorized using this token (i.e without a username&password).
