Improve logging of security related events
Security related actions and events should be logged into its own file / backend because
- they log data might be sensitive
- important information might drown in the amount of other messages
Additionally I'd like to see some hint if a user logged in or was re-authenticated due to an active token found in the session.