tazama-lf/tms-service

Token Validation at TMS API

Closed · 1 comment

As the TMS API, I want to validate the expiration and signature of Tazama format tokens so that only valid tokens are accepted.

Acceptance Criteria:

  • The system must require a bearer token in the Authorization header.
  • The Authentication Library must validate the token's expiration date.
  • The Authentication Library must validate the token's signature using public keys.
  • The Authentication Library must reject invalid or expired tokens.
  • The Authentication Library must log any validation errors.
  • The TMS API must integrate with the Authentication Library to validate the external token.
  • The TMS API must return a 401: Unauthorized exception for any token validation failures.
  • The TMS API must have a configurable AUTHENTICATED variable which, if switched to false, does not require an Auth header and skips all validation and authorization.

@johanfol - Can we please add a separate and authentication-specific environment variable to turn the authentication service on and off? If we are piggy-backing off the existing NodeENV variable, we won't be able to test this effectively in pre-production environments. The combination of the two concepts into a single variable also defeats our "separation of concerns" design principle.