I think that API key generation and revocation should be done by calling
the binary. Also, nuking all keys should be accessible. Public identity
regeneration can use `init` again for now.
I am thinking about seperating between confidential and public
clients in the structure that keeps track of them. The map keeping
track of the confidential should use the client base url as well.
Expecting to overhaul how its done after checking RFC 8725 and other JOSE
damage reduction strategies more throughly. (ugh)