Closed
Labels
team: webapp (Issue belongs to the WebApp team)
Description
Public API has so far only been proxying requests to server. As a result, the authentication on Public API only checks for the presence of credentials, rather than actually authenticating the credentials.
In order to guard access to the Tokens endpoints, we need to be able to authenticate the call. Currently, the resource guards are buried in server without any ability for us to access them from the Public API. To give us access, we're gonna add a method to server which checks if the user (as determined by the connection credentials) is allowed to perform the required operation against tokens.
- Extend server with APIs to check if the current user is able to perform an action on personal access tokens
  - Actions are: get, create, delete, list, regenerate
- This new API needs to be added to gitpod-service.go to be invokable from public API
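
The guard described above could look like the following on the Public API side. This is an added sketch, not code from the issue or from the Gitpod code base: `PermissionChecker`, `CanAccessTokens`, `GuardTokenAction` and the in-memory `fakeServer` with its sample credentials are hypothetical names and constructed data. It shows the server making the decision and the Public API denying on every failure path, including a credential that is present but not valid.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

type TokenAction string // the five operations named in the issue
const (
	ActionGet        TokenAction = "get"
	ActionCreate     TokenAction = "create"
	ActionDelete     TokenAction = "delete"
	ActionList       TokenAction = "list"
	ActionRegenerate TokenAction = "regenerate"
)
var ErrUnauthenticated, ErrPermissionDenied = errors.New("unauthenticated"), errors.New("permission denied")

// PermissionChecker is a hypothetical stand-in for the new server method:
// the server resolves the user from the credential and applies its resource guards.
type PermissionChecker interface {
	CanAccessTokens(ctx context.Context, credential string, action TokenAction) (bool, error)
}

// GuardTokenAction runs before any Tokens handler; only an explicit "allowed" passes.
func GuardTokenAction(ctx context.Context, srv PermissionChecker, credential string, action TokenAction) error {
	allowed, err := srv.CanAccessTokens(ctx, credential, action)
	if err != nil { // fail closed: a failed check is a denial, the cause stays wrapped
		return fmt.Errorf("token %s check failed: %w", action, err)
	}
	if !allowed {
		return fmt.Errorf("%w: %s", ErrPermissionDenied, action)
	}
	return nil
}

// fakeServer is a constructed in-memory server: credential -> permitted actions.
type fakeServer map[string]map[TokenAction]bool
var sample = fakeServer{"cred-alice": {ActionGet: true, ActionList: true}}

func (f fakeServer) CanAccessTokens(_ context.Context, cred string, a TokenAction) (bool, error) {
	if perms, ok := f[cred]; ok {
		return perms[a], nil // unlisted or unknown actions are false
	}
	return false, ErrUnauthenticated // credential present but not valid
}

func main() {
	fmt.Println(GuardTokenAction(context.Background(), sample, "forged", ActionList))
}
```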
Status: Done