allow client to load successfully without requiring API SECRET

This patch allows the operator to control whether or not the API Secret
authentication dialog will display by default or not.  Historically Nightscout
allows a configuration to be readable and to send alarm information to all
displays.
A change in in dev in February to support authentication and api v3 introduced
a new configuration where websocket communication is authenticated, and the API
Secret modal will display if it authenticates in error.  The side-effect is
that all new instances, even readable instances with glucose data, can't be
seen or monitored without putting in the API Secreet or explicitly dismissing
it.
This patch returns to the default behavior while allowing to select the new one
using authenticationPromptOnLoad in the settings communicated from server to
client. If people strongly prefer, we can reverse to the new behavior over
time.
To select the old behavior with no API Secret needed for readabable data, do nothing.
To select the new behavior where the API Secret prompts occur on load, set
`AUTHENTICATION_PROMPT_ON_LOAD=1`.

lib/client/index.js

@@ -1146,7 +1146,7 @@ client.load = function load (serverSettings, callback) {
         }
 
         console.log('Subscribed for alarms', data);
-        if (!data.success) {
+        if (client.settings.authenticationPromptOnLoad && !data.success) {
           client.hashauth.requestAuthentication(function afterRequest () {
             client.hashauth.updateSocketAuth();
             if (callback) {

lib/settings.js

@@ -72,6 +72,7 @@ function init () {
     , adminNotifiesEnabled: true
     , obscured: ''
     , obscureDeviceProvenance: ''
+    , authenticationPromptOnLoad: false
   };
 
   var secureSettings = [
@@ -111,6 +112,7 @@ function init () {
     , bgTargetBottom: mapNumber
     , authFailDelay: mapNumber
     , adminNotifiesEnabled: mapTruthy
+    , authenticationPromptOnLoad: mapTruthy
   };
 
   function filterObj(obj, secureKeys) {