Ideas for a new version of the auth and report APIs

[davidor]

This is just a list of things to consider when we decide to expose new APIs for authorizing and reporting. It applies to other APIs that we might want to expose for example to improve caching done by external systems. In no particular order, some things that we've discussed in the past:

• Avoid including unnecessary information in the response XMLs.
• Support JSON in all the endpoints.
• Make sure the APIs are compatible with the swagger UI tooling.
• Consider changing some response codes to the ones described in this RFC: https://github.com/3scale/apisonator/blob/master/docs/rfcs/error_responses.md