* Add cloud function to get custom token from API auth
* Use custom token to authenticate Firebase SDK on server
* Make sure getcustomtoken cloud function is fast
* Make server auth code maximally robust
* Refactor cookie code, make set and delete more flexible
