- Introduced idle connection timeout for HTTP client transport
- Implemented custom timeout for HTTP client when `RelayTimeout` is 0
- Set ImpatientHTTPClient timeout to 5 seconds
- Added new config variable `IdleTimeout` with default value of 30 seconds
- Utilized shared transport object for all HTTP clients in relay/util package
- Update the minimum access token length from 16 to 32
- Prevent spam by introducing policies and detecting user agents
- Add an authorization header to the login response
- Use base64 to decode the session secret and generate a random one if not set
