Fun fact, looks like our admin registration is going to use the same http auth mechanisms.

Here's how it looks:
- Keep list of admins in webmention format in the DB
- Admins talk to the API using signed HTTP requests
- API verifies requests by verifying the signatures

Cool side effects? No need for storing a password or issuing tokens or actual admin account data. We can also use wildcards in the list like `@*@hypha.coop` to allow any account from a given domain to have access.