spindle/mill: authenticate executors with per-executor tokens
Registers executors in the db and resolves identity from the token hash
in the Authorization header rather than the client-supplied Hello. Adds
`spindle mill executor add/list/revoke` and seeds the dev SharedSecret as
a bootstrap identity.