Build a more modern REST-based API

[lunkwill42]

Two main concerns have been voiced regarding the legacy Zino API:

1. The API is plain-text/unencrypted, which is mostly mitigated by access-list restrictions and using a challenge-response mechanism for user authentication, rather than clear-text passwords. This may have been fine when Zino was first developed in the mid-90s, but no-one would build an API without an encryption layer in 2024. Our security teams would blow a fuse if they knew ;-)
2. The API is stateful. In many respects, it is much easier to work with stateless API, especially with the tools available to us in 2024. The stateful nature of the API is also why implementing a web-based GUI to Zino (Howitz) is so difficult, compared to building command-line or desktop clients.

It has therefore been suggested by the team working on Zino 2 development that the current API should be supplanted by a more modern HTTP REST API. Such an API can build on existing frameworks and toolchains to provide proper encryption and authentication.

The API endpoints in a REST-based API would mirror the operations available in the legacy API. However, we may still have to leave the legacy API in there in order to support older clients until they can be migrated. Perhaps a config option (defaulting to disabled) could be used to switch on the legacy API in addition to the new API.