Add allowedAccountTypes page metadata which the authenticated middleware
uses to further restrict the types of accounts that can access the page.
If the account type is insufficent to access the page it will return an
HTTP 403 Forbidden status, which is rendered using the error page.
To make it possible to render the timetable in the user's local time we
need to know the timezone to render it in on the server. Otherwise
there will be hydration errors and paint flashing as the client renders
a different timezone.
Add a server global default timezone that can be overriden on a
per-account bases to prepare for timezone handling the timetable.
Provide a basic account system with login and server side session store
identified by a cookie. Upon successful login a signed session cookie
is set by the server with the session stored on the server identifying
which account it is logged in as. The client uses a shared useFetch on
the session endpoint to identify if it's logged in and which account it
is logged in as, and refreshes this when loggin in or out.
