
REST API: access token content can be simplified

Open gbarbon opened this issue 4 years ago • 0 comments

Describe the bug
The security implementation of the REST API should be revised, since the access token that is generated for authentication carries useless information. Because of this, each REST API request is "bigger" than it should be, and it can be reduced.

More precisely, Kapua is sending a sort of Id Token, containing a lot of information that is actually already in the DB (users, roles, permissions, scope, etc.). Since the token is used as a bearer token in the REST requests, it could be only a simple string, since it only has to be matched against our backend.

To Reproduce
n/a

Expected behavior
Only a bearer token should be used for REST APIs.

Screenshots
n/a

Version of Kapua
1.5.0-SNAPSHOT

Type of deployment
[ ] Local Vagrant deployment
[ ] Docker
[ ] Openshift (in its variants)
[x] Others (all)

Main component affected
[ ] Console (in case of console please report info on which browser you encountered the problem)
[x] REST API
[ ] Message Broker
[ ] Others

Additional context
See here for the point where the token for the REST API is generated.

gbarbon avatar Feb 24 '21 17:02 gbarbon
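The design the issue asks for, an opaque bearer token that is only matched against server-side state, next to the self-contained claim-carrying token it criticises, as an added example that is not Kapua's code. The `TokenStore` class, `issue_token`, `authenticate` and `revoke` are hypothetical names, and the in-memory dict stands in for the backend DB the report refers to; the sample user, roles and permissions are constructed.

```python
"""
Opaque bearer token vs. self-contained "Id Token"-style token.

Added illustration, not Eclipse Kapua code. The dict in TokenStore stands in
for the backend database; TokenStore, issue_token, authenticate and revoke are
hypothetical names chosen for this example.
"""
import base64
import hashlib
import json
import secrets
import time
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Session:
    user_id: str
    expires_at: float


@dataclass
class TokenStore:
    """Server-side record of issued tokens, keyed by SHA-256(token).

    The client only ever holds a random string. Roles and permissions are
    looked up in the backend on each request, so they never travel on the
    wire, and a token can be revoked by deleting its row. Storing the hash
    rather than the token means a copy of the store is not itself a usable
    credential.
    """
    sessions: Dict[str, Session] = field(default_factory=dict)
    ttl_seconds: int = 3600

    @staticmethod
    def _key(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def issue_token(self, user_id: str, now: Optional[float] = None) -> str:
        """Mint a 256-bit random token (43 url-safe chars) bound to user_id."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self.sessions[self._key(token)] = Session(user_id, now + self.ttl_seconds)
        return token

    def authenticate(self, authorization_header: str,
                     now: Optional[float] = None) -> Optional[str]:
        """Resolve an 'Authorization: Bearer <token>' header to a user id.

        Returns None for a malformed header, an unknown token or an expired
        one; expired entries are dropped from the store as they are seen.
        """
        now = time.time() if now is None else now
        scheme, _, token = authorization_header.partition(" ")
        if scheme != "Bearer" or not token:
            return None
        key = self._key(token)
        session = self.sessions.get(key)
        if session is None:
            return None
        if now >= session.expires_at:
            del self.sessions[key]
            return None
        return session.user_id

    def revoke(self, token: str) -> bool:
        """Invalidate a token immediately; True if it was still active."""
        return self.sessions.pop(self._key(token), None) is not None


def self_contained_token(user_id: str, roles: List[str],
                         permissions: List[str]) -> str:
    """Constructed stand-in for the claim-carrying token the issue describes:
    the whole authorization picture is serialised into the credential and
    re-sent on every request, so its size grows with the user's grants."""
    payload = json.dumps({"sub": user_id, "roles": roles,
                          "permissions": permissions, "scope": "kapua"})
    return base64.urlsafe_b64encode(payload.encode()).decode().rstrip("=")


if __name__ == "__main__":
    store = TokenStore()
    opaque = store.issue_token("alice")
    claims = self_contained_token("alice", ["admin", "devops"],
                                  ["device:read", "device:write", "user:read"])
    print("opaque token length:", len(opaque))
    print("claim-carrying token length:", len(claims))
    print("resolved user:", store.authenticate("Bearer " + opaque))
```

Because authorization data stays in the backend, a change to a user's roles or a revocation takes effect on the next request without re-issuing anything; with the self-contained form the client keeps presenting whatever was true at issue time until the token expires.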