This repository has been archived by the owner on May 22, 2021. It is now read-only.

Include nonce & password status in /api/exists response #618

Closed
ehuggett opened this issue Oct 25, 2017 · 1 comment
@ehuggett
Contributor

Context: for 3rd party clients / I'm updating my Python send client to support passwords ehuggett/send-cli#4

As far as I know, to check if a password is required it is currently necessary to parse the HTML from /download/$fileID/ for the value of the data-requires-password attribute belonging to the span with id dl-file (below)

```html
<span id="dl-file"
   data-nonce="XYuAjx5mI85Ac5LkkpHL0g=="
   data-requires-password="1">Download Encrypted File</span>
```

It would be very convenient to avoid parsing HTML if possible, and I believe this would be true in other languages should anyone else write a client (I'm not aware of any?), so I'm suggesting that

  1. password requirements are indicated in the headers or json response body to make them more accessible (parsing json is already a requirement for any client)
  2. if this is added to api/exists, also include the nonce or WWW-Authenticate header
    2.1 This would allow api/exists to return all of the required information for the client to then call api/metadata (no need to request download/$fileID)

I would be happy to submit a PR for this, but it's not clear to me if it would be accepted
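The HTML-scraping step described in the comment above, as an added example that is not part of the original post or of the send or send-cli code: it pulls the nonce and password flag out of the `dl-file` span with the standard library only. The function and class names are hypothetical, and treating any value other than `"1"` as "no password" is an assumption.

```python
import base64
from html.parser import HTMLParser


class DlFileParser(HTMLParser):
    """Collects the attributes of the first <span id="dl-file">."""

    def __init__(self):
        super().__init__()
        self.attrs = None  # stays None if the span is never seen

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "span" and attrs.get("id") == "dl-file" and self.attrs is None:
            self.attrs = attrs


def parse_download_page(html):
    """Return (nonce_bytes, requires_password); raise ValueError if absent."""
    parser = DlFileParser()
    parser.feed(html)
    parser.close()
    if parser.attrs is None:
        raise ValueError("span#dl-file not found")
    nonce_b64 = parser.attrs.get("data-nonce")
    if not nonce_b64:
        raise ValueError("data-nonce missing")
    # validate=True rejects stray characters instead of silently skipping them
    nonce = base64.b64decode(nonce_b64, validate=True)
    # Assumption: "1" means a password is set, any other value means none
    requires_password = parser.attrs.get("data-requires-password") == "1"
    return nonce, requires_password


# Constructed sample: the span quoted in the issue inside a minimal page
SAMPLE = """<html><body>
<span id="dl-file"
   data-nonce="XYuAjx5mI85Ac5LkkpHL0g=="
   data-requires-password="1">Download Encrypted File</span>
</body></html>"""

if __name__ == "__main__":
    nonce, needs_password = parse_download_page(SAMPLE)
    print(len(nonce), needs_password)
```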

@ehuggett
Contributor Author

I'm going to submit a PR for this.

api/exists

  • indicate password status
  • Include current nonce in WWW-Authenticate response header (Perhaps it should set a new nonce first? However iirc the client calls exists after upload but before the user sets a password so it may attempt to use the out of date nonce)

api/metadata

  • include current download limit (dlimit)
  • include total number of downloads to date (dl)

I chose to place dlimit/dl in the metadata so that either authKey or newAuthKey is required to obtain it (meaning it will not be possible to obtain these stats without the password if one is set).
