This adds a nonce to the refresh token such that each request to obtain a refresh token must now also provide a matching nonce.
When using non-persisted logins, the request to the server is the same, but the "remember me" flag toggles a shorter duration for the refresh token.
The FE can then store the nonce in either local storage for persisted logins or in session storage for non-persisted logins.
The default is currently to always issue refresh tokens with a nonce, but this can be toggled with the JWT configuration.
The ngax client does not have the non-persisted login so it stores the nonce in local storage, using a name that is compatible with ngclient so the user can swap between them without needing to re-login.
The server util was updated to also store the nonce.
This fixes#6451
Introduces a `DuplicatiServerClient` to interact with the Duplicati server API, including authentication and various V1/V2 endpoints.
Adds `ServerCredentialType` to specify the authentication mechanism (Password or Token).
Includes a usage example to demonstrate client capabilities.
Kenneth Skovhede