Use Admin API with adminAuth type strategy

There is some work happening at the moment to address this.

The current proposal is to all adminAuth to provide a custom tokens function that can be used to validate any Auth token that isn't recognised as one NR generated itself.

That would then allow you to create an admin-only Auth token that can be used independently of the main oauth login scheme.

I hope there will be a design note or PR that I can link in the near future.