- Previously, AccessTokenValidationService was a module, and all its public
methods accepted a token. It makes sense to convert it to a class which accepts
a token during initialization.
- Also rename the `sufficient_scope?` method to `include_any_scope?`
- Based on feedback from @rymai
- Move the `Oauth2::AccessTokenValidationService` class to
`AccessTokenValidationService`, since it is now being used for
personal access token validation as well.
- Each API endpoint declares the scopes it accepts (if any). Currently,
the top level API module declares the `api` scope, and the `Users` API
module declares the `read_user` scope (for GET requests).
- Move the `find_user_by_private_token` from the API `Helpers` module to
the `APIGuard` module, to avoid littering `Helpers` with more
auth-related methods to support `find_user_by_private_token`