All requests sent from the frontend will have the header:
'Authorization': 'Bearer ' + access_token
Authenticate each request against that access token before returning or modifying any data.
That token should also allow us to scope permissions per route (rtp has full access, versus a user who shouldn't have access, etc.).
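
One way the backend could enforce both requirements, as an added example that is not the project's own code. The opaque-token store, the sample tokens, the routes and the `authorize`/`handle` helpers are assumptions; `rtp` and `user` are the roles named above.

```javascript
// Added example. Token values, subjects and routes below are constructed.
// RFC 6750 header form: "Bearer" SP token68; the scheme name is case-insensitive.
const BEARER_RE = /^Bearer +([A-Za-z0-9\-._~+\/]+=*)$/i;

// Assumption: opaque tokens resolved server-side. A real service would query
// its session store or verify a signed token here instead.
const TOKENS = new Map([
  ['tok-rtp-0001', { sub: 'alice', role: 'rtp' }],
  ['tok-user-0002', { sub: 'bob', role: 'user' }],
]);

// Hypothetical policy: "METHOD path" -> roles allowed. Unlisted routes are denied.
const ROUTE_ROLES = new Map([
  ['GET /records', ['rtp']],
  ['POST /records', ['rtp']],
  ['GET /profile', ['rtp', 'user']],
]);

// Returns { status, principal? }: 401 = no valid token, 403 = valid token, wrong scope.
function authorize(method, path, headers) {
  const raw = headers['authorization']; // Node lowercases incoming header names
  const match = typeof raw === 'string' ? BEARER_RE.exec(raw.trim()) : null;
  if (!match) return { status: 401, error: 'missing or malformed bearer token' };

  const principal = TOKENS.get(match[1]);
  if (!principal) return { status: 401, error: 'unknown or expired token' };

  const allowed = ROUTE_ROLES.get(`${method.toUpperCase()} ${path}`);
  if (!allowed || !allowed.includes(principal.role)) {
    return { status: 403, error: 'role not permitted for this route' };
  }
  return { status: 200, principal };
}

// Authenticate and authorize before the handler touches any data.
function handle(method, path, headers, handler) {
  const decision = authorize(method, path, headers);
  return decision.status === 200 ? handler(decision.principal) : decision;
}

const asUser = { authorization: 'Bearer ' + 'tok-user-0002' };
console.log(handle('GET', '/records', asUser, () => ({ status: 200, body: 'rows' })));
// 403: the token is valid, but `user` is not allowed on this route
```

Keeping 401 and 403 distinct lets the frontend tell "log in again" apart from "this account lacks permission".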