[master] Resolve "Personal access token with only `read_user` scope can be used to authenticate any web request" See merge request gitlab/gitlabhq!2583
This allows us to report JSON parse exceptions to clients and ignore them in sentry.
