With 2.0 we have minimal support for JSON Web Tokens. They allow login
as a user and a restricted permissions set based on the role embedded
in the JWT.
This ticket can be used as a grab bag of ideas that others may want to
tackle if JWTs are deemed more useful.
JWT can have its own rate limit
Currently rate limiting in the rest interface is done based on the
user/subject. Consider adding a separate rate limit in the body of the
JWT. This restricts the amount of resources usable by the JWT which
may be lower than that allowed for the user. The user's level needs to
be able to support say an AJAX web interface to roundup which may
need many more hits than the JWT token needs to do its work.
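An added illustration of the idea above (example code, not Roundup's own rate limiter): a per-token budget read from a claim in the JWT payload is enforced alongside the per-user budget, with the token's budget capped at the user's. The claim name "rate_limit", the use of "jti" to identify a token, and the USER_LIMITS table are assumptions; the claims are taken from a token whose signature has already been verified.

```python
import time
from collections import defaultdict

# Constructed per-user limits (hits per window); a real deployment would
# load these from its own configuration.
USER_LIMITS = {"alice": 5}

class RateLimiter:
    """Fixed-window counter: at most `limit` hits per `window` seconds per key."""
    def __init__(self, window=60.0):
        self.window = window
        self._hits = defaultdict(list)  # key -> timestamps of hits

    def remaining(self, key, limit, now):
        live = [t for t in self._hits[key] if now - t < self.window]
        self._hits[key] = live
        return max(limit - len(live), 0)

    def record(self, key, now):
        self._hits[key].append(now)

def check_request(limiter, claims, now=None):
    """Decide whether a request authenticated by `claims` (payload of a JWT
    whose signature has ALREADY been verified) may proceed.
    The token's own limit is capped at the user's limit, so a token can
    never grant more than its user has.  Returns True to allow."""
    now = time.time() if now is None else now
    user = claims["sub"]
    budgets = [(("user", user), USER_LIMITS[user])]
    if "rate_limit" in claims:  # assumed claim name carrying the token budget
        token_limit = claims["rate_limit"]
        # Fail closed on a malformed claim, or on a token we cannot identify.
        if (not isinstance(token_limit, int) or isinstance(token_limit, bool)
                or token_limit < 1 or "jti" not in claims):
            return False
        budgets.append((("jwt", claims["jti"]),
                        min(token_limit, USER_LIMITS[user])))
    # Check every budget before consuming any, so a rejected request does
    # not burn a hit from the user's allowance.
    if any(limiter.remaining(key, limit, now) == 0 for key, limit in budgets):
        return False
    for key, _ in budgets:
        limiter.record(key, now)
    return True
```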
More ideas can be added to this ticket and migrated to separate
tickets as they get implemented.
2019-10-06 22:11:50, rouilj, issue2551064