This reduces the time to validate a password, at a minor cost of
security (makes bruteforcing the DB easier, but still really hard).
Note: this invalidates all current passwords. It is recommended to
delete the admin user directly in sqlite:
$ sqlite3 users.db
> DELETE from users WHERE user_id = "admin";
It will be recreated with the reset password when restarting the server.
The admin can then reset other users' passwords.
Since the "model" doesn't contain any message from the API anymore, and
instead contains only the structures needed for authentication, it was
renamed as such.