Authenticated RPC calls

Issue #323 resolved
Alan Noble created an issue

Issue #319 adds support for cron jobs with RPC calls, but there should be an (optional) way to authenticate such RPC calls, which typically do not rely on user authentication.

It is proposed to use a Time-based One-time Password (TOTP) via an optional auth URL query param. If the auth query param is present but lacks a value, the value will be populated with a TOTP, i.e., auth=NNNNNN.

The secret key required by the TOTP generator, rpcSecret, will be a shared secret stored in the secrets file for both the caller and the callee.

If the auth query param already has a value, that value will be sent as is.

By using a TOTP, though, even a man-in-the-middle attack would only yield authentication credentials valid for 60 seconds.
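The scheme proposed above, worked through as an added example in Go using only the standard library (this is illustrative code, not the project's implementation). It assumes a 60-second TOTP step to match the 60-second validity mentioned in the issue (RFC 6238's default is 30 seconds), HMAC-SHA1 with six digits, a query parameter literally named auth, and that rpcSecret has already been read from the secrets file and is handed in as bytes. The callee side additionally accepts the adjacent time step on either side to tolerate clock drift, and compares codes in constant time; both of those are choices of this example, not requirements stated in the issue. The demo secret is the RFC 4226 test key, constructed here for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
	"net/url"
	"time"
)

// Assumptions of this example: a 60-second step (the issue talks about a
// 60-second validity window), six digits, and a query param named "auth".
const (
	totpStep   = 60 * time.Second
	totpDigits = 6
	authParam  = "auth"
)

// hotp computes an RFC 4226 HMAC-SHA1 one-time password for a counter.
func hotp(secret []byte, counter uint64) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], counter)
	mac := hmac.New(sha1.New, secret)
	mac.Write(msg[:])
	sum := mac.Sum(nil)
	// Dynamic truncation: low nibble of the last byte selects a 4-byte window.
	offset := sum[len(sum)-1] & 0x0f
	code := binary.BigEndian.Uint32(sum[offset:offset+4]) & 0x7fffffff
	mod := uint32(1)
	for i := 0; i < totpDigits; i++ {
		mod *= 10
	}
	return fmt.Sprintf("%0*d", totpDigits, code%mod)
}

// totp maps wall-clock time to a counter (RFC 6238) and calls hotp.
func totp(rpcSecret []byte, t time.Time) string {
	return hotp(rpcSecret, uint64(t.Unix())/uint64(totpStep/time.Second))
}

// addAuth is the caller side: if the auth param is present but empty, fill it
// with a TOTP; if it already carries a value, or is absent, send the URL as is.
func addAuth(rawURL string, rpcSecret []byte, now time.Time) (string, error) {
	u, err := url.Parse(rawURL)
	if err != nil {
		return "", err
	}
	q := u.Query()
	vals, present := q[authParam] // "?auth" and "?auth=" both parse as [""]
	if present && len(vals) == 1 && vals[0] == "" {
		q.Set(authParam, totp(rpcSecret, now))
		u.RawQuery = q.Encode() // note: Encode sorts the query keys
	}
	return u.String(), nil
}

// verifyAuth is the callee side: accept the current step and one step on
// either side (clock drift), comparing in constant time.
func verifyAuth(code string, rpcSecret []byte, now time.Time) bool {
	if code == "" {
		return false
	}
	base := int64(now.Unix() / int64(totpStep/time.Second))
	ok := false
	for d := int64(-1); d <= 1; d++ {
		want := hotp(rpcSecret, uint64(base+d))
		if subtle.ConstantTimeCompare([]byte(code), []byte(want)) == 1 {
			ok = true
		}
	}
	return ok
}

func main() {
	// Constructed demo secret (the RFC 4226 test key), not a real rpcSecret.
	secret := []byte("12345678901234567890")
	now := time.Now()

	signed, err := addAuth("https://example.com/rpc?cmd=ping&auth", secret, now)
	if err != nil {
		panic(err)
	}
	fmt.Println("caller sends:", signed)

	parsed, _ := url.Parse(signed)
	fmt.Println("callee accepts:", verifyAuth(parsed.Query().Get(authParam), secret, now))
}
```

Because the callee only ever compares against codes it can regenerate itself, a captured auth value is useful to an attacker only inside the step window (plus the drift tolerance); a replay after that fails the verifyAuth check.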
