I think that API key generation and revocation should be done by calling
the binary. Also, nuking all keys should be accessible. Public identity
regeneration can use `init` again for now.
I am thinking about seperating between confidential and public
clients in the structure that keeps track of them. The map keeping
track of the confidential should use the client base url as well.
Expecting to overhaul how its done after checking RFC 8725 and other JOSE
damage reduction strategies more throughly. (ugh)
Since the action audit used has rust 1.58, it automatically fails with
strip. If this doesn't work I'll disable the audit cron to stop auto
notification.