This repository has been archived by the owner on Aug 23, 2021. It is now read-only.

Improve security of Token storage #61

Closed
3 tasks
jamespohalloran opened this issue Sep 4, 2020 · 1 comment

Comments

@jamespohalloran
Contributor

jamespohalloran commented Sep 4, 2020

Currently, in the Dashboard we are storing the token in local storage. This helps prevent CSRF attacks, but with XSS, one could scrape localStorage on the client side and steal our token.

I'm up for suggestions, but I'm wondering if we can proxy the code exchange through a hosted function so we can create the token server-side (as HttpOnly).
To mitigate CSRF, the token could be created as SameSite=Strict, or use something similar to our CSRF workaround in the Next-Github solution.

TODO:

  • Implement some backend helpers for the CSRF Token approach
  • Implement an in-memory approach, and make it the default (as recommended by both Auth0's and Cognito's clients)
  • Make the token storage configurable by a key within the ForestryClient props
@jamespohalloran
Contributor Author

Closing this issue, as we have #85.
With this change, you can store the token in memory; it's just a matter of documentation.
