Adds lastAuthTokenValidatedOn to users in Akka, send it in ValidateAuthTokenRespMsg pubSub msg, makes Meteor store it as authTokenValidatedTime

This change introduces a config file
`/etc/bigbluebutton/bbb-apps-akka.conf` which reads the default config
from packages and allows operators to keep their own config file changes
across package upgrades. This removes the workaround of copying the
config file to /tmp in preinst and then extracvting API URI and secret
and then in postinst inject it back to the config file in /usr/share

If the config file in /usr does not have the "changeme" secret, then API
URI and secret are extracted and injected to the generated file /etc, so
packages would upgrade in a clean way.

The postrm script removes the config file in /etc if the package is
purged but not if it is just uninstalled.

bbb-install and bbb-conf must reflect this change and replace the API
secret and URL in /etc, not /usr/share

Removes loginTime creation from Meteor and use the registeredOn date created on Akka. Makes Akka send the registeredOn date throught PubSub messages: UserRegisteredRespMsg, GuestsWaitingForApprovalEvtMsg and ValidateAuthTokenRespMsg.

To be used with the ejectRogueVoiceUsers config option

Reconnects may introduce ghost voice users in a meeting when the client fails to
rejoin but the audio connection remains active.

While fetching for the voice conference user's status, apps can now check if a
voice user has a matching user record. If it doesn't, eject the voice user.

fix for issue: https://github.com/bigbluebutton/bigbluebutton/issues/11182

Currently there is a mechanism in bbb-config which adds overlay units.
This is not neccesary because sbt allows you to specify your own unit
files.

Used by bbb-webrtc-sfu to enrich its validation on whether a user is allowed to broadcast or subscribe to a camera stream

Used by bbb-webrtc-sfu to enrich its validation on whether a user is allowed to broadcast a screen or subscribe to one

Used by bbb-webrtc-sfu to enrich its validation on whether a user is allowed to subscribe to the global audio bridge via listen only or not

Associate pads with meetings so session validation is restricted to the
meeting's valid session tokens.

Meteor will dispatch new redis events on shared notes and closed captions
pads creation. This event will go through apps and reach web to populate
a new meeting's pad collection that contains all valid pad id's for that
session. Nginx will use this collection to check if the user's session token
belongs to the pad's authorized users.

Besides these modifications, an extra change will be needed at notes.nginx.
Location /pad/p/ needs to change it's auth_request:

from /bigbluebutton/connection/checkAuthorization;
to /bigbluebutton/connection/validatePad;

Akka-apps filter presenter and moderators from random viewer selection list

While cherry-picking some of this work I noticed those extras.

Trying to get to the point where upgrades can occur without having
to re-run bbb-conf