Previously we were hardcoding our username and password into our

config.json file, which isn't exactly secure, as the username +

password with both be lying around in memory constantly and it will be

available on disk in the event of an intrusion.
We now use an htpasswd file, for which the path is stored in

config.json.
Additionally, some HTTP errors have their verbosity reduced in the case

of internal errors (such as why we can't create a new token). These

errors are now logged instead

Ran go fmt ./...

Ran go test ./...