Improve handling of the OAuth Token #18
Description
Change the name of the password setting in settings.js and documentation to oauthToken or similar to make it more clear that the password of the bot account should not be supplied, but change the code to access the password setting as a fallback for backwards compatibility.
Additionally introduce the option to pass the oauth token via an environment variable (e.g. OAUTH_TOKEN), so that the token does not have to be inside the settings.js and make this the recommended way of setting the token, but still keep the option to set it in settings.js too (for simplicity and also for backwards compatibility).
And then also introduce .env files support, such that the OAUTH_TOKEN environment variable can be set in this file and this file should be added in .gitignore.