Drop fixed authorization

Important changes:
- UseFixedAuth is now UseAuth and toggles all kinds of authorization and
  registration
- UseRegistration is now AllowRegistration to better reflect the meaning
- LimitRegistration is now RegistrationLimit because it's not a boolean,
  it's a value (not "limit registration?", but "registration limit is
  ...")
- registered-users.json is now users.json, because all users are stored
  there
- user.AuthUsed is dropped in favor of new cfg.UseAuth which has the
  same meaning

I hope I have not forgotten anything.

web/auth.go

@@ -14,10 +14,10 @@ import (
 )
 
 func initAuth() {
-	if !user.AuthUsed {
+	if !cfg.UseAuth {
 		return
 	}
-	if cfg.UseRegistration {
+	if cfg.AllowRegistration {
 		http.HandleFunc("/register", handlerRegister)
 	}
 	http.HandleFunc("/login", handlerLogin)
@@ -29,7 +29,7 @@ func initAuth() {
 // handlerRegister both displays the register form (GET) and registers users (POST).
 func handlerRegister(w http.ResponseWriter, rq *http.Request) {
 	util.PrepareRq(rq)
-	if !cfg.UseRegistration {
+	if !cfg.AllowRegistration {
 		w.WriteHeader(http.StatusForbidden)
 	}
 	if rq.Method == http.MethodGet {
@@ -97,7 +97,7 @@ func handlerLogoutConfirm(w http.ResponseWriter, rq *http.Request) {
 func handlerLogin(w http.ResponseWriter, rq *http.Request) {
 	util.PrepareRq(rq)
 	w.Header().Set("Content-Type", "text/html;charset=utf-8")
-	if user.AuthUsed {
+	if cfg.UseAuth {
 		w.WriteHeader(http.StatusOK)
 	} else {
 		w.WriteHeader(http.StatusForbidden)