Make api/auth more suitable to be used as a dependency

[tmsmr]

Hi!

I'd like to use the api/auth part of of this package as a dependency. Basically i made two things to make that easier:

1. The one-time code for initial device token generation can be optionally supplied via RMAPI_DEVICE_CODE. I think that's good for the non-interactive usage of rmapi as well.

2. Instead of trying to authenticate with an expired user token, userTokenExpires checks if it is expired or expires soon. It seems like (I haven't really checked this thoroughly tbh) when the rmapi shell is started just before the current user token is about to expire, there is no re-auth mechanism. Hence this change would also be nice for shell users...

To be able to work on this package on macOS Monterey with a M1 chip, i had to bump golang.org/x/sys to a newer version.

The PR is draft mode, because i'm not sure if there are differences regarding the authentication between the two API versions (See TODO in userTokenExpires). Since my rM Cloud account is on the newer API, i can't test it unfortunately.

Unfortunately, the rmapi contributors are still on the old protocol and this makes it more difficult to test the new protocol's implementation.

Is this still the case? I'd love to support you with testing/verification.

Br, Thomas

[tmsmr]

Hey @juruen, since no one ansered yet: Is this interesting for you? If yes, i'll solve the conflicts and mark the PR as ready. If not (no hard feelings), i'll integrate the changes on my side...

[ddvk]

I thinks we can integrate it, maybe supplying the device code as a param would be better.
there is already code that parses the token (so that we find out which version the api is using in: https://github.com/juruen/rmapi/blob/master/api/api.go