fix: session ID as user name

the textgrid session id is a password-like credential that should be secured like a password hash; change the implementation so that arbitrary user names are allowed and the password field is checked for the textgrid session id

this will be a BREAKING CHANGE because users will not be able to log-in as accustomed