Since it turns out that the hostName field is used by our statistics

Since it turns out that the hostName field is used by our statistics
reporting to determine which host to harvest log-files from, we can't
rely on that as any part of our authentication scheme: lots of
end-user records now have hostName=sp-mkws.indexdata.com, which means
that in the absence of username/password or referrer-based
authentication, one of those is picked at random (and IP
authentication is never used, as we don't get that far down the
sequence).

Instead, we now do authentication as follows:
1. Username/password, if any.
2. Referer, where possible.
3. IP-address.
4. New special constraint, token="mkws-default".

So we now explicitly anoint one of the MKC libraries as the default to
use for MKWS (when u/p, referrer and IP address all fail) by setting
the "token" field in one of its end-user records to "mkws-default".

At present, the only end-user for which this has been done is "MKWS
demo", belonging to the library "DEMO MKWS: the MasterKey Widget Set".