feat: Add django session cookie authentication#295
mateus-po
left a comment
Generally I am not sure about cookie-based approach to user authentication. This is something I already discussed with @dsowinski2.
I agree that cookie session is better when it comes to browser authentication (as it is the case with Enthusiast FE admin panel), because of better CSRF security. But since Enthusiast BE is to expose API that potentially could be used externally (I imagine that external BE/FE connection to the Enthusiast API is a real potential use-case), cookie sessions potentially limit API authentication options, as they are not as scalable nor easy to integrate as a token provisioning.
Damian explained to me that there is also an option of authenticating via service account, so that an external BE system can be authenticated without having to log in via credentials to the Enthusiast API. But I still think that we should not limit external systems to authenticate only via service account. I can imagine a use-case when an external system would want to have an option to log in with users' credentials (e.g. when every external system user would have an account created in Enthusiast so that the conversation history per user is possible to retrieve), and demanding from the API users having to manage cookies would make such integration rather hard to maintain.
My thinking is that probably a hybrid approach would be best (a cookie-provisioning endpoint + a token-provisioning endpoint).
This PR switches from using token-based auth to cookie sessions. So when working with OAuth or OpenID, we can simply set cookies and redirect without passing additional params with the internal auth Token.
Token auth method is still in place for API calls.
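The arrangement the thread converges on (a cookie session for the browser admin panel, a token for external API clients, both accepted by the same backend) and the CSRF point raised against cookie sessions can be shown in a few lines. The block below is an added example, not code from this PR or from the Enthusiast project: it is plain Python standing in for Django's session middleware and DRF's `SessionAuthentication` / `TokenAuthentication`, with constructed in-memory stores in place of the session table and the `Token` model, and a simplified double-submit CSRF check in place of Django's masked-token implementation. Names such as `login_with_cookie`, `login_with_token` and `authenticate` are hypothetical.

```python
"""Hybrid cookie-session + API-token authenticator (added illustration,
not Enthusiast's code). A session cookie is sent automatically by the
browser, so unsafe methods must also carry a CSRF token; an API token is
attached explicitly by the client, so no CSRF check is needed there."""
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

UNSAFE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}

# Constructed in-memory stores standing in for Django's session table and
# rest_framework.authtoken's Token model (assumption for this example).
SESSIONS: Dict[str, str] = {}   # session id -> username
TOKENS: Dict[str, str] = {}     # api token  -> username


@dataclass
class Request:
    """Minimal stand-in for an HTTP request (constructed for the example)."""
    method: str
    cookies: Dict[str, str] = field(default_factory=dict)
    headers: Dict[str, str] = field(default_factory=dict)


def login_with_cookie(username: str) -> Tuple[str, str]:
    """Cookie-provisioning endpoint: returns (session id, csrf token).
    A real view would set both as cookies on the redirect response."""
    sid, csrf = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
    SESSIONS[sid] = username
    return sid, csrf


def login_with_token(username: str) -> str:
    """Token-provisioning endpoint for external systems: returns an opaque
    token the client must put in the Authorization header itself."""
    tok = secrets.token_urlsafe(32)
    TOKENS[tok] = username
    return tok


def authenticate(request: Request) -> Optional[str]:
    """Return the authenticated username, or None if the request is rejected."""
    # 1. Token path: the header is set deliberately by the caller, so a
    #    cross-site page cannot make the browser add it. No CSRF check.
    auth = request.headers.get("Authorization", "")
    if auth.startswith("Token "):
        return TOKENS.get(auth[len("Token "):])

    # 2. Session path: the cookie rides along with any request the browser
    #    makes, so state-changing methods must prove the request originated
    #    from our own page (double-submit: cookie value == header value).
    sid = request.cookies.get("sessionid")
    user = SESSIONS.get(sid) if sid else None
    if user is None:
        return None
    if request.method in UNSAFE_METHODS:
        cookie_csrf = request.cookies.get("csrftoken", "")
        header_csrf = request.headers.get("X-CSRFToken", "")
        if not cookie_csrf or not hmac.compare_digest(cookie_csrf, header_csrf):
            return None   # looks like a forged cross-site request: reject
    return user
```

Ordering the token check first mirrors a DRF `DEFAULT_AUTHENTICATION_CLASSES` list with `TokenAuthentication` ahead of `SessionAuthentication`: an external client that sends a token is never subjected to the CSRF rule, while a browser session that only carries the cookie is, which is exactly the trade-off the review discusses.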