When a user is not logged in, the "guest" token will be sent with every HTTP request. Consequently, when the guest token expires (in 30 days), the user cannot log in again without manually deleting the guestToken from the browser cache.

Correct behavior:

1. Short-term fix: do not send guest tokens for user signup/logins
2. Long-term: the guest system has many flaws, e.g., repos not merged after registration. We need a better way to handle guests, preferably local-only with IndexedDB & Yjs.