Authenticate user API requests with CF credentials against UAA
What we're after
Cloud.gov customers will interact with the API indirectly via the frontend. To secure those requests, this service must accept the Cloud Foundry token that users will have already received from logging into the dashboard. The service should check that the token is authentic before fulfilling the request.
Potential metrics
Write tests that confirm this works.
Further context for those unfamiliar with what we're doing
Security considerations
TODO: Locate relevant security controls.
Notes for implementers
- We will use chi for routing, and we can create a middleware and apply it to the relevant routes.
Related issues/sub-projects
TBD.
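The middleware mentioned in the notes for implementers, as an added example that is not part of the original issue or the project's code. It assumes UAA issues RS256-signed JWTs and that the service has already loaded UAA's public signing key; `ValidUAAToken` and `RequireUAAToken` are hypothetical names, and only the standard library is used.

```go
package main

import (
	"crypto"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"net/http"
	"strings"
	"time"
)

// ValidUAAToken (hypothetical name) assumes an RS256 JWT and an already-loaded UAA public key.
func ValidUAAToken(token string, key *rsa.PublicKey, now time.Time) bool {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return false
	}
	var hdr struct{ Alg string }   // encoding/json matches "alg" case-insensitively
	var claims struct{ Exp int64 } // "exp": expiry as Unix seconds
	for i, dst := range []interface{}{&hdr, &claims} {
		raw, err := base64.RawURLEncoding.DecodeString(parts[i])
		if err != nil || json.Unmarshal(raw, dst) != nil {
			return false
		}
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	sum := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	// Pin RS256 so the token cannot select "none" or an HMAC variant, then check expiry.
	return err == nil && hdr.Alg == "RS256" &&
		rsa.VerifyPKCS1v15(key, crypto.SHA256, sum[:], sig) == nil &&
		now.Unix() < claims.Exp
}

// RequireUAAToken (hypothetical name) has the func(http.Handler) http.Handler shape chi's Use takes.
func RequireUAAToken(key *rsa.PublicKey) func(http.Handler) http.Handler {
	return func(next http.Handler) http.Handler {
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			h := r.Header.Get("Authorization")
			if !strings.HasPrefix(h, "Bearer ") || !ValidUAAToken(h[7:], key, time.Now()) {
				http.Error(w, "unauthorized", http.StatusUnauthorized)
				return
			}
			next.ServeHTTP(w, r)
		})
	}
}

func main() {} // routes are wired up by the caller, e.g. with chi's r.Use
```

With chi this is applied as `r.Use(RequireUAAToken(key))` on the relevant routes. Issuer, audience and scope checks would belong in the same validation function.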