Investigate complexity of splitting auth methods into separate packages

[confluence]

Split off from #219. It would be good to do this, but since we are planning to replace the controller with microservices eventually, we shouldn't spend too much time on it. These changes would be ideal:

• Split each auth method into its own package with a peer dependency on the base controller package.
• Now the auth dependencies can be removed from the base controller package.
• If possible, add a default built-in auth method to the base controller which 1) is lightweight and requires no complicated dependencies, and 2) is secure, but 3) can be completely impractical to use in production. The purpose is to have something working out of the box with trivial setup, so that everything else can be 100% configured and tested before the auth method is configured and tested.
• If there is no such possibility, the controller should have a peer dependency on at least one auth method package (I assume that this is possible). Maybe do this first, since it requires no extra work.