Things I've left for later to IAM:
1. Subject session expiration (to prevent session extension attacks);
2. UserPass adapter;
3. Token adapter and removal of APITokens in favor of `api_client` actor
with a Token provider;
4. Cleanup of Configurations schema and table
5. SCIM
6. Groups and Actor Profile (name, email) Sync
7. Email delivery once Web app is done with the templates
8. We might also want to persist sessions to database, to then show list
of active sessions to the user and allow to terminate some of them from
UI
9. SAML?
10. Rename `unprivileged` role name to `end_user`
11. Add `first_` and `last_name`, and sync/edit blocking logic around
it.
12. Rename Clients to Devices?
