Authorizing calls to the API by validating the credentials provided by keycloak and sending that information in the 'session token' passed to the backend.

NOTE: Using authservice might change this approach.

CLOSING AS DUPLICATE OF #483

Addressed by PR #533