auth_token: Various updates, see below. * Defer to usermanager when testing the password * Because of this, don't assume the realm is available when verifying the token * Fix linting errors By using the `usermanager`, other modules can now ask the user manager to verify token credentials.