Improve authentication
The authentication process needs work. Here are the goals I'm going to work towards:
1. No stale UI
Currently, this happens when the sessionId expires, because this leads to ICAT no longer responding to requests -- the UI says that things are being fetched indefinitely. The only way out is to refresh the page to trigger a new authentication process.
Stale UI is also visible underneath the ExpirationLoginContainer modal, when the user has an expired sessionId and the SSO check is not triggered in time.
The UI should never become stale, and requests should not be performed if they have a chance to "hang" forever.
2. Login UI only when required
We must ensure that the user is not logged in before showing them the login UI. If this takes time, we can show the navbar, the footer and a loading bar so the user knows that something is happening.
3. "Classic" login workflow
This means rendering the login UI via a /login route, and navigating to and away from this route as required. Currently, the login component is always rendered -- it just renders nothing if the user is logged in. This means that component pages have to be careful not to render anything or trigger any requests when the user is not logged in.
4. Silent SSO check
The page should not be refreshed when checking for SSO authentication, as this is obviously not what the user expects, leads to cancelled requests and console errors, and requires the app to initialise itself twice, which takes a long time.
keycloak supports checking SSO "silently" via a hidden iframe.
5. Reliable logout
Sometimes, after logging out and reloading the page, the user is directly logged back in (with SSO). In other words, the SSO logout is not reliably implemented.
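
A sketch of the silent SSO check from goal 4, bounded by a timeout so that it also meets goal 1's rule that nothing may hang forever. This is an added example, not code from the project: it assumes the keycloak-js adapter, and the `/silent-check-sso.html` path, the 10 s timeout and the function names are hypothetical.

```javascript
// Added example, not project code. `keycloak` is a keycloak-js instance
// created by the caller. The /silent-check-sso.html path, the 10 s timeout
// and all function names are assumptions.
//
// The static page served at that path only relays the result to the parent:
//   <script>parent.postMessage(location.href, location.origin)</script>
const SSO_TIMEOUT_MS = 10000;

function silentSsoOptions(origin) {
  return {
    onLoad: 'check-sso', // check for an SSO session, never force a login redirect
    silentCheckSsoRedirectUri: `${origin}/silent-check-sso.html`, // hidden iframe target
  };
}

// Reject if `promise` has not settled after `ms`, so the UI cannot wait forever.
function withTimeout(promise, ms) {
  let timer;
  const timeout = new Promise((_, reject) => {
    timer = setTimeout(() => reject(new Error('SSO check timed out')), ms);
  });
  return Promise.race([promise, timeout]).finally(() => clearTimeout(timer));
}

// Resolves to a state the router can act on: render the app, or go to /login.
async function resolveAuthState(keycloak, origin, timeoutMs = SSO_TIMEOUT_MS) {
  try {
    const authenticated = await withTimeout(
      keycloak.init(silentSsoOptions(origin)),
      timeoutMs
    );
    return authenticated
      ? { status: 'authenticated', token: keycloak.token }
      : { status: 'login-required' };
  } catch (err) {
    // Adapter error or timeout: treat as logged out rather than leave a stale UI.
    return { status: 'login-required', reason: err?.message ?? String(err) };
  }
}
```

At startup the app would call `resolveAuthState(keycloak, window.location.origin)` once, show the navbar, footer and loading bar while it is pending, and navigate to /login only when the result is `login-required`.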