Instead, the user generates the api_endpoint url to set on their device
by visiting http://.../kobo_auth/generate_auth_token.
The generated url will contain a RemoteAuthorizationToken that will be
included on all subsequent requests from the device to the kobo/
endpoints. (In contrast, the device is authenticated using a session cookie on
requests to the download endpoint).
Also use Flask.url_for to generate download urls.
This is required to support ebook downloads which the Kobo device emits
without any auth headers.
* Also some other small bug fixes discovered during device testing.
* Add proper authorization checks on the new Kobo endpoints.
Important Note: As a side-effect, all CalibreWeb API calls can be
authorized using this token (i.e without a username&password).
