mod_tokenauth: Add some sanity checking of the new optional parameters

mod_tokenauth: Add 'purpose' constraint This allows tokens to be tied to specific purposes/protocols. For example, we shouldn't (without specific consideration) allow an OAuth token to be dropped into a slot expecting a FAST token. While FAST doesn't currently use mod_tokenauth, it and others may do in the future. It's better to be explicit about what kind of token code is issuing or expecting.

mod_saslauth: Support for SASL handlers forcing a specific resource The token layer supports tokens that are tied to a given resource.

util.sasl: Add SASL OAUTHBEARER mechanism (RFC 7628)

mod_admin_adhoc: Add XEP-0133 commands to Disable and Re-Enable users Enables UI in clients supporting XEP-0050

CHANGES: Mention new ability to disable and enable user accounts

mod_admin_shell: Add commands to disable and enable accounts First proper UI to enable/disable, allowing it to be tested.

mod_c2s: Disconnect accounts when they are disabled We decided that at the first stage, accounts that are disabled should simply be prevented from authenticating, thus they should also be prevented from having connected sessions. Since this is aimed to be a moderation action for cases of abuse, they shouldn't be allowed to continue being connected.

core.usermanager: Fire events when enabling and disabling users Allow modules to act on this state change, e.g. kick accounts etc.

core.usermanager: Add methods for enabling and disabling users Calling into the auth module, where available.