* Add support for authenticated static photo URLs, leveraging the NGINX module
ngx_http_auth_request. The README is updated with an example NGINX config
how to set this up on the proxy side.
* In settings.json a new SignedPhoto section is added: not enabled by default.
* PhotoURL will append a ?jwt= token to the /static/photos/ path for the
current user, which expires after 30 seconds.
* When SignedPhoto is enabled, it will enforce that the JWT token is valid and
matches the username of the current logged-in user, or else will return with
a 403 Forbidden error.
