Down-scoped tokens for user-interactions

[bari12]

Motivation

Right now Rucio-clients only use one, usually powerful, token for all interactions (To authenticate to Rucio and to storage). This is however not matching with the general idea of how token workflows should work. Ideally, specifically scoped tokens should be used just allowing a specific type of interaction. There are several possibilities how to do that. (Rucio server might provide the down-scoped token to the client, when requested). This needs to be investigated and implemented.