API: Insist authn parameters be in the POST body
Passwords should always be submitted in the POST body, not in the query
string. Thus, a warning will now be returned if the password for
action=login or any sensitive authentication request parameters for
AuthManager actions are found in the query string.
These warnings should be upgraded to errors in 1.29.
Change-Id: Ifb2c684bb28c9acc004be2b0c2fef839eb7624aa