
Port V13 backoffice cookie validation to V14 #15886

Merged (2 commits), Mar 15, 2024

Conversation

@kjac (Contributor) commented Mar 14, 2024

Prerequisites

  • I have added steps to test this contribution in the description below

Description

Right now, the cookie validation for V14 is lacking a lot of basic stuff. For starters, if a user has authenticated against one database, the user authentication survives swapping out the entire DB with another DB (or deleting and recreating the DB), as long as the user exists with the same email in both databases 🤦

This PR ports over all (almost all) the current cookie validation from V13 to V14, to handle these silly things.

A few things have been explicitly omitted, because they seem to have little meaning in the Management API. Please consider if this is as meaningful as I think 😆

Notice that this PR brings back the V13 backoffice cookie name (default UMB_UCONTEXT, configurable in security settings) - it has up until now been hardcoded to the name UmbracoBackOffice in V14.


Testing this PR

Swagger

  1. Authenticate Swagger against the Management API.
  2. Stop the site without signing out from swagger.
  3. Delete and recreate the database using unattended install.
  4. Perform any operation in Swagger without reloading swagger first. This should fail with a 401 because the previously issued token does not exist in the newly created DB.
  5. Sign out from Swagger.
  6. Re-authenticate Swagger against the Management API. Verify that you are indeed asked to sign in again.

Backoffice

  1. Sign into the backoffice.
  2. Stop the site without signing out from the backoffice.
  3. Delete and recreate the database using unattended install.
  4. Reload the backoffice. You should be alerted that your session has expired, because all issued tokens (including the refresh tokens) no longer exist.
  5. Go to /umbraco/login. Verify that you are indeed asked to sign in again.
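The failure mode described above (a cookie that stays valid across a database swap because only the e-mail is checked) is avoided by binding cookie validity to per-user state stored in the database. The following is an added example in plain ASP.NET Core Identity, not code from this PR or from Umbraco: the cookie's security-stamp claim is re-checked against the user store on every request, and the user is looked up by the stable id claim rather than by e-mail. It assumes a minimal web app with the `Microsoft.AspNetCore.Identity.EntityFrameworkCore` and `Microsoft.EntityFrameworkCore.Sqlite` packages; `AppDbContext`, the `app.db` file and the `/whoami` endpoint are illustrative names chosen here, and the cookie name only mirrors the default the PR restores.

```csharp
// Added example (not Umbraco's or this PR's code): reject a backoffice-style
// auth cookie once the database behind it has been swapped or recreated.
// Assumes: ASP.NET Core Identity over EF Core + SQLite (package names above).
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Identity.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Options;

var builder = WebApplication.CreateBuilder(args);

// Assumption: "app.db" is the identity store. Deleting and recreating it
// gives every user a fresh SecurityStamp, even if the e-mail is the same.
builder.Services.AddDbContext<AppDbContext>(o => o.UseSqlite("Data Source=app.db"));
builder.Services.AddIdentity<IdentityUser, IdentityRole>()
    .AddEntityFrameworkStores<AppDbContext>();

builder.Services.ConfigureApplicationCookie(o =>
{
    // Illustrative only: mirrors the V13 default cookie name mentioned in the PR.
    o.Cookie.Name = "UMB_UCONTEXT";

    // Runs on every authenticated request, before the principal is trusted.
    o.Events.OnValidatePrincipal = async ctx =>
    {
        var services = ctx.HttpContext.RequestServices;
        var userManager = services.GetRequiredService<UserManager<IdentityUser>>();
        var identityOptions = services.GetRequiredService<IOptions<IdentityOptions>>().Value;

        // Resolve the user by the id claim, never by e-mail: an e-mail that
        // happens to exist in a different database proves nothing about this session.
        var user = ctx.Principal is null ? null : await userManager.GetUserAsync(ctx.Principal);

        // The stamp that was copied into the cookie when it was issued.
        var cookieStamp = ctx.Principal?.FindFirstValue(
            identityOptions.ClaimsIdentity.SecurityStampClaimType);

        if (user is null
            || cookieStamp is null
            || cookieStamp != await userManager.GetSecurityStampAsync(user))
        {
            // User missing or stamp changed (DB recreated, password/roles changed,
            // or an explicit stamp rotation): drop the principal and clear the cookie.
            ctx.RejectPrincipal();
            await ctx.HttpContext.SignOutAsync(IdentityConstants.ApplicationScheme);
        }
    };
});

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// Illustrative endpoint: returns 401/redirect once the cookie is rejected above.
app.MapGet("/whoami", (ClaimsPrincipal u) => u.Identity?.Name ?? "anonymous")
   .RequireAuthorization();

app.Run();

// Assumed EF Core identity context; declared after the top-level statements.
public class AppDbContext : IdentityDbContext<IdentityUser>
{
    public AppDbContext(DbContextOptions<AppDbContext> options) : base(options) { }
}
```

ASP.NET Core Identity already wires a `SecurityStampValidator` into `OnValidatePrincipal` that performs this comparison, but by default only once per `SecurityStampValidatorOptions.ValidationInterval` (30 minutes), so a stale cookie can keep working for a while after the store changes. The explicit handler makes the check visible and per-request; if you keep the built-in validator instead, set `ValidationInterval` to `TimeSpan.Zero` to get the same effect. To reproduce the PR's test with this app, sign in, stop the process, delete `app.db`, restart, and call `/whoami` with the old cookie: the stamp no longer matches and the request is rejected.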

@bergmania (Member) left a comment

Works as expected 💪

@bergmania merged commit 072903c into v14/dev Mar 15, 2024
16 checks passed
@bergmania deleted the v14/fix/backoffice-cookie-validation branch March 15, 2024 06:53
2 participants