right now, configuring how a skapi or skweb server should behave is a bit rough around the edges.

• there's only one (undocumented) switch in skweb, the $SAKO_CSRF_AUTH_KEY environment variable.

we could probably use a skcfg package (w/ scfg) to gather this kind of things:

• CSRF authentication key
• sako domain (for oauth2 ?)
• sako [host]:port served
• location of sako database