Export Payload Local API with function to log in (authenticate) user without passing the password #16248
MurzNN
started this conversation in
Feature Requests & Ideas
Replies: 0 comments
When projects are implementing their own authentication ways (SSO, OTP, etc), they usually need an API function that logs in the user to the system, providing the access token for the cookie and the cookie's expiration date.
But for now, it seems Payload doesn't export any kind of function that can do this; the only Local API function I found in the documentation https://payloadcms.com/docs/authentication/operations#login is a `payload.login()` that requires passing the unencrypted user password:
But when we implement custom authentication flows, Payload's user password is not available.
Because of this, each project or plugin has to invent its own ways to simulate the Payload login process; even the official plugin-otp contains a lot of code to handle this:
https://github.com/payloadcms/plugin-otp/blob/5daf6c2f0ea12b01e35cd0c569ed2ff6efedf554/src/operations/login.ts
And by implementing this in custom code, it's very easy to make mistakes and forget to trigger login hooks, validate attempts, handle sessions incorrectly, etc.
There are even two todos "TODO: Remove when Payload exports this function" that are still waiting for their day.
So, let's make them happy and extend the Local API with something like `payload.authenticate(collection, user)` that does the authentication, triggering all login hooks, and returns the `token` and `exp` values.
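An added sketch, not part of the original post and not Payload or plugin-otp code, of the steps the post says hand-rolled logins tend to miss: lockout validation, login hooks, and returning both `token` and `exp`. All names (`issueSession`, `LoginRejected`, the `auth`, `hooks` and `user` shapes) are hypothetical, token signing is injected so no JWT library is assumed, and hooks are modelled as synchronous functions.

```javascript
// Added sketch, not Payload code: every name here is hypothetical.
// Models the steps a passwordless login helper has to perform after the
// custom flow (SSO, OTP, ...) has already verified the user's identity.
class LoginRejected extends Error {}

function issueSession({ user, auth, hooks, signToken, now = Date.now() }) {
  // 1. Lockout still applies even though no password is being checked.
  if (user.lockUntil && user.lockUntil > now) {
    throw new LoginRejected('account is locked');
  }
  // 2. beforeLogin hooks may veto the login by throwing.
  for (const hook of hooks.beforeLogin) hook({ user });
  // 3. exp is absolute, in seconds since the epoch, like a JWT exp claim.
  const exp = Math.floor(now / 1000) + auth.tokenExpiration;
  const token = signToken({ id: user.id, collection: auth.collection, exp });
  // 4. A successful login clears the failed-attempt state.
  user.loginAttempts = 0;
  user.lockUntil = null;
  // 5. afterLogin hooks see the issued token.
  for (const hook of hooks.afterLogin) hook({ user, token });
  return { token, exp };
}

// Constructed demo input: one normal user, one locked user.
function demo() {
  const calls = [];
  const auth = { collection: 'users', tokenExpiration: 7200 }; // seconds
  const hooks = {
    beforeLogin: [() => calls.push('before')],
    afterLogin: [() => calls.push('after')],
  };
  const signToken = (claims) => 'signed:' + JSON.stringify(claims); // stand-in signer
  const now = 1_700_000_000_000;
  const ok = issueSession({
    user: { id: 'u1', loginAttempts: 3, lockUntil: null },
    auth, hooks, signToken, now,
  });
  let locked = null;
  try {
    issueSession({ user: { id: 'u2', lockUntil: now + 60_000 }, auth, hooks, signToken, now });
  } catch (err) {
    locked = err instanceof LoginRejected ? err.message : 'unexpected';
  }
  return { ok, locked, calls };
}
console.log(demo());
```

The locked user is rejected before any hook runs, so a custom flow cannot be used to bypass lockout or to fire hooks for a login that never completes.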