enable temporary accessToken Cookie only for specific providers

[benkroeger]

no need to always set the currently authenticated user's accessToken in a short-living cookie when authPath is called.
This has always been a workaround for IBM Connections Cloud, which doesn't support the OAuth state parameter.

It is however required to mount loopback.token to read user credentials from state in the response.