device_id should be text, not bigint.

Add a 'devices' table to the storage, as well as a 'device_id' column to
refresh_tokens.

Allow the client to pass a device_id, and initial_device_display_name, to
/login. If login is successful, then register the device in the devices table
if it wasn't known already. If no device_id was supplied, make one up.

Associate the device_id with the access token and refresh token, so that we can
get at it again later. Ensure that the device_id is copied from the refresh
token to the access_token when the token is refreshed.

Refactor login flow

Make sure that we have the canonical user_id *before* calling
get_login_tuple_for_user_id.

Replace login_with_password with a method which just validates the password,
and have the caller call get_login_tuple_for_user_id. This brings the password
flow into line with the other flows, and will give us a place to register the
device_id if necessary.

Fix /purge_history bug

Fix 500 ISE when sending alias event without a state_key

Fall back to 'username' if 'user' is not given for appservice registration.

The `store` in a handler is a generic DataStore, not just an events.StateStore.

This was caused by trying to insert duplicate backward extremeties

Various purge_history fixes

Various auth.py fixes.

Feature: Add an /account/deactivate endpoint

Bug fix: expire invalid access tokens

Add requestToken endpoints

Ensure that the guest user is in the database when upgrading accounts