Fixes issue affecting linking users to a 3rd party auth

[flovilmart]

When linking a user to an oauth provider in a client SDK (verified on iOS), the server would not check the session token for the authenticated user and the url doesn't hold the userId part of it (send as /users instead of /users/:id)

This PR addresses that issue, the userId provided by the session token will always take precedence over the query provided ID.

This should not break any installation as this server behaviour was not expected by the clients.

[acinader]

lgtm

[codecov]

Codecov Report

Merging #4047 into master will increase coverage by <.01%.
The diff coverage is 100%.

@@            Coverage Diff             @@
##           master    #4047      +/-   ##
==========================================
+ Coverage    90.7%   90.71%   +<.01%     
==========================================
  Files         116      116              
  Lines        7911     7916       +5     
==========================================
+ Hits         7176     7181       +5     
  Misses        735      735

Impacted Files	Coverage Δ
src/RestWrite.js	93.16% <100%> (-0.13%)	⬇️
src/Push/PushWorker.js	92.45% <0%> (+1.88%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 7e54265...ef62746. Read the comment docs.

[flovilmart]

The JS SDK has a bug, all login calls are treated as link calls, unlike the other SDK'S I'll open issues there as well. The JS SDK should just strip the sessionToken when sending a login call

[flovilmart]

Thanks @acinader :)