http server should support new user approach

Auth::Authenticate should return a Future<void> to signify when the login authenticate operation is finished. The interface should support everything that comes from streaming store user domains (like 2FA requirements).

Also port password reset function to C++ (from Lua).