Description
We have seen multiple use cases where an application or 3rd party has to collect multiple authorizations:
1- A campaign to collect consent for research
2- A doctor keeping a list of patients to whom he has access
3- An algorithm registered to process data from multiple accounts.
This has been implemented multiple times in multiple flavors.
Pryv should offer a built-in logic based on "Service or App accounts".
A Pryv Account should be used:
1- To expose the requested consent
2- To collect in a (for example) "user" stream all the granted accesses
3- Be able to register generic webhooks
For now consents are free-form and can be issued without an authority controlling them (anyone can request access to a Pryv account). This is not desired for many use cases when the operator of the platform needs to control who can request access.
A signature-based authorization and request for consent should be implemented to cover this use case.
The "token"-based authorization model also shows limitations in terms of security or need for a refresh of the token. A signature-based authorization model should be investigated.