Discuss/Define authentication mechansim for "magiclinks"

Description

The authentication mechanism described in #2513 needs to be defined in detail. So that client and server developers can implement it.

commmon understanding with web team about how the authentication is supposed to work
documentation