moov-io/customers

customers: GET, PUT, DELETE /customers/:id does not validate organization

adamdecaf opened this issue · 0 comments

Customers Version: v0.5.0-dev23

What were you trying to do?
When loading GET /customers/{customerID}, the X-Organization header is not checked to ensure that the Customer belongs to the Organization.

There's no check in the endpoint currently.

https://github.com/moov-io/customers/blob/v0.5.0-dev23/pkg/customers/customers.go#L56-L67

What did you expect to see?
The X-Organization header is used to filter Customers returned - often by authentication systems.
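To make the missing check concrete, here is an added example (not code from moov-io/customers) with a hypothetical in-memory repository and two handlers for GET /customers/{customerID}: one that looks the record up by ID alone, as the issue describes, and one that scopes the lookup to the caller's X-Organization header. The customer IDs, organization names and the `Customer` struct are constructed for the illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Customer is a hypothetical record; Organization is the field the endpoint
// must compare against the caller's X-Organization header.
type Customer struct {
	ID           string `json:"customerID"`
	Organization string `json:"organization"`
	Name         string `json:"name"`
}

// repo is a constructed in-memory store standing in for the real database.
var repo = map[string]Customer{
	"cust-1": {ID: "cust-1", Organization: "org-A", Name: "Alice"},
	"cust-2": {ID: "cust-2", Organization: "org-B", Name: "Bob"},
}

// customerID extracts the path parameter from /customers/{customerID}.
func customerID(r *http.Request) string {
	return strings.TrimPrefix(r.URL.Path, "/customers/")
}

// vulnerableGet mirrors the reported behaviour: the customer is fetched by
// ID alone and X-Organization is never consulted, so any caller holding a
// valid ID can read a record belonging to another organization.
func vulnerableGet(w http.ResponseWriter, r *http.Request) {
	cust, ok := repo[customerID(r)]
	if !ok {
		http.NotFound(w, r)
		return
	}
	json.NewEncoder(w).Encode(cust)
}

// hardenedGet scopes the lookup to the caller's organization. A mismatch is
// answered with 404 rather than 403 so the response does not reveal that
// the ID exists under a different organization.
func hardenedGet(w http.ResponseWriter, r *http.Request) {
	org := r.Header.Get("X-Organization")
	if org == "" {
		http.Error(w, "missing X-Organization header", http.StatusBadRequest)
		return
	}
	cust, ok := repo[customerID(r)]
	if !ok || cust.Organization != org {
		http.NotFound(w, r)
		return
	}
	json.NewEncoder(w).Encode(cust)
}

// probe sends GET /customers/{id} with the given X-Organization header to a
// handler and returns the HTTP status code, so both variants can be compared.
func probe(h http.HandlerFunc, id, org string) int {
	req := httptest.NewRequest(http.MethodGet, "/customers/"+id, nil)
	if org != "" {
		req.Header.Set("X-Organization", org)
	}
	rec := httptest.NewRecorder()
	h(rec, req)
	return rec.Code
}

func main() {
	// org-A requesting org-B's customer: the unscoped handler returns it.
	fmt.Println("vulnerable cross-org:", probe(vulnerableGet, "cust-2", "org-A"))
	fmt.Println("hardened  cross-org:", probe(hardenedGet, "cust-2", "org-A"))
	fmt.Println("hardened  same-org: ", probe(hardenedGet, "cust-1", "org-A"))
}
```

The same organization predicate belongs in the PUT and DELETE handlers named in the title, and ideally in the repository query itself (filter by both ID and organization) so that no handler can forget it.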