For the admin app, we will need to have the ability to POST credentials to an endpoint to login; if those credentials match those of an existing user, it should return a token that can be saved on the frontend.
I think most of what we need is already there in some form, and token-based authentication is built into the Django REST Framework. I'm still figuring this one out, but I thought I ought to open an issue in case someone has a good example in mind.
We're in luck! It looks like the Django REST Framework does indeed have a built-in method for token-based auth. Here's the relevant commit. In this case, I honestly just followed this tutorial, so it bears further looking into. Here's what I've learned so far from manual testing:
- Only users that have a password set can log in.
- django-guardian's AnonymousUser cannot log in because they lack a password.
- Users created through POST /api/2/users/ cannot log in, since their password is set randomly.
- Users do not need to have a token created for them ahead of time. DRF creates a token for them on first login, and on subsequent logins they are presented with the same token, unless we implement a real logout function, which I don't find necessary at this time, from a prioritization perspective.
I'm still adding things to that branch for permissions, using AuthenticatedReadAdminWrite. Will submit PR when most of the low-hanging-fruit views are properly secured!
P.S. This is just me taking notes, but for reference, login works by hitting POST /api/2/login with a username and password.
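The login behaviour described in the comment above (password check, one token per user created lazily and reused on later logins, no token for users without a usable password) can be illustrated without a Django install. The block below is an added example and is not the project's code: it is an in-memory stand-in for DRF's `obtain_auth_token` view, which calls `Token.objects.get_or_create(user=user)` after the credentials validate. The hashing helpers, the `TokenStore` class, the sample users and the `/api/2/login` handler are all constructed for this illustration; Django's real password hashers and DRF's `Token` model are more elaborate.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

# Django stores unusable passwords with a leading "!" so they can never verify.
UNUSABLE_PASSWORD_PREFIX = "!"


def make_password(raw: str, iterations: int = 100_000) -> str:
    """Constructed stand-in for Django's PBKDF2-SHA256 hasher (not the real one)."""
    salt = secrets.token_hex(8)
    digest = hashlib.pbkdf2_hmac("sha256", raw.encode(), salt.encode(), iterations)
    return f"pbkdf2_sha256${iterations}${salt}${digest.hex()}"


def make_unusable_password() -> str:
    """Equivalent of Django's set_unusable_password(): can never match any input."""
    return UNUSABLE_PASSWORD_PREFIX + secrets.token_hex(20)


def check_password(raw: str, encoded: str) -> bool:
    """Constant-time comparison; unusable hashes always fail."""
    if encoded.startswith(UNUSABLE_PASSWORD_PREFIX):
        return False
    _algo, iters, salt, digest = encoded.split("$", 3)
    candidate = hashlib.pbkdf2_hmac("sha256", raw.encode(), salt.encode(), int(iters))
    return hmac.compare_digest(candidate.hex(), digest)


@dataclass
class User:
    username: str
    password: str  # encoded hash, or an unusable-password marker
    is_active: bool = True

    def has_usable_password(self) -> bool:
        return not self.password.startswith(UNUSABLE_PASSWORD_PREFIX)


@dataclass
class TokenStore:
    """Mirrors Token.objects.get_or_create(user=user): one key per user, made on demand."""
    _by_user: Dict[str, str] = field(default_factory=dict)

    def get_or_create(self, username: str) -> Tuple[str, bool]:
        if username in self._by_user:
            return self._by_user[username], False   # same token on every later login
        key = secrets.token_hex(20)                  # DRF tokens are 40 hex characters
        self._by_user[username] = key
        return key, True

    def lookup(self, key: str) -> Optional[str]:
        """Resolve a presented token to its user (used by TokenAuthentication)."""
        for username, stored in self._by_user.items():
            if hmac.compare_digest(stored, key):
                return username
        return None


@dataclass
class LoginResult:
    status: int
    body: dict


def obtain_auth_token(users: Dict[str, User], tokens: TokenStore, payload: dict) -> LoginResult:
    """Stand-in for POST /api/2/login: validate credentials, then get-or-create the token."""
    user = users.get(payload.get("username", ""))
    password = payload.get("password", "")
    # Unknown user, inactive user, unusable password (AnonymousUser, API-created users)
    # and wrong password all produce the same generic error, so the response does not
    # reveal which condition failed.
    if (user is None or not user.is_active or not user.has_usable_password()
            or not check_password(password, user.password)):
        return LoginResult(400, {"non_field_errors": ["Unable to log in with provided credentials."]})
    key, _created = tokens.get_or_create(user.username)
    return LoginResult(200, {"token": key})


def build_demo_users() -> Tuple[Dict[str, User], TokenStore]:
    """Constructed sample data matching the cases listed in the comment above."""
    users = {
        "alice": User("alice", make_password("correct horse")),        # normal user
        "AnonymousUser": User("AnonymousUser", make_unusable_password()),  # no password
        "api_created": User("api_created", make_password(secrets.token_urlsafe(32))),  # random pw
    }
    return users, TokenStore()


if __name__ == "__main__":
    users, tokens = build_demo_users()
    first = obtain_auth_token(users, tokens, {"username": "alice", "password": "correct horse"})
    second = obtain_auth_token(users, tokens, {"username": "alice", "password": "correct horse"})
    print(first.status, first.body["token"] == second.body["token"])
    print(obtain_auth_token(users, tokens, {"username": "AnonymousUser", "password": ""}).status)
```

Running it shows the first login creating the token and the second login returning the identical key, while the AnonymousUser and the API-created user fail with the generic 400 because no submitted password can match their stored hash. Since there is no logout, a leaked key stays valid until the `Token` row is deleted, which is the trade-off the comment above accepts for now.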