These changes ensure that the new (SHA256) session ID is returned in the
"session_id" field, so that developers have time to update their client
implementations to use the new "access_token" field.
Signed-off-by: Michael Mayer <michael@photoprism.app>