fix: Prevent various password managers from auto-filling settings

[Koenkk]

Fixes #277

[Nerivec]

I wanted to avoid this "bruteforce" approach, as that may not work for all (I'm sure some software just ignore this stuff), and also because it sets it on all fields, which means it will also prevent browser-based filling from working (which is not desired, at least not everywhere).
I'd be more curious as to why that password manager detected the page as a login page in the first place. Shouldn't it have some kind of logic to not just try to fill on every single page? I don't use that kind of feature, I'm not well versed in the mechanisms used.

[Koenkk]

as that may not work for all (I'm sure some software just ignore this stuff)

Pretty sure it won't work for all but it should at least cover the majority of cases (BitWarden, LastPass, 1Password and some others that don't ignore autocomplete

and also because it sets it on all fields

This change only disables it for the JSON form, for which you never want the autofill. For the whole frontend it's only applicable to the auth token input

Shouldn't it have some kind of logic to not just try to fill on every single page?

Not that I could find, I think these password manager just scans forms for titles like Password, Client ID, Username etc.

[Nerivec]

This change only disables it for the JSON form, for which you never want the autofill.

No because unless I'm mistaken it also will disable autocomplete from browsers (where you can lookup previously set value for a specific field instead of typing it all back). I don't think we should remove that.
We could probably partial-match password, key, username, id on key and only disable it for these. At least limit the undesired behaviors to specific settings.