Use the `AshAuthentication.Secret` behaviour, rather than asking the user to explicitly set it in their application environment.
This is a breaking change that will require folks to change their resource config to look up the signing secret.
Closes#79.
Closes#77.
Highlights:
* Replaced `AshAuthentication.Provider` with the much more flexible `AshAuthentication.Strategy`.
* Moved strategies to within the `authentication` DSL using entities and removed excess extensions.
* Added a lot more documentation and test coverage.
This is missing a bunch of features that you probably want to use (eg confirmation, password resets), but it's a pretty good place to put a stake in the sand and say it works.