re-write security system to be more like WNI

- can get telly and reach stage-two
- narrow whitelist of allowed URLS in WTVClientSessionData constructor
- enough to show wtv-1800:/unauthorized with trust priv
- Times out lockeddown users really fast ;)
- untested disk error page

zefie_wtvp_minisrv/config.json

@@ -24,7 +24,9 @@
     "pc_server_hidden_service_enabled": false,
     "show_detailed_splash": true,
     "show_diskmap": false,
-    "allow_guests": true
+    "unauthorized_url": "wtv-1800:/unauthorized?",
+    "allow_guests": true,
+    "domain_name": "wtv.zefie.com"
   },
   "services": {
     "wtv-head-waiter": {