Use FastAPI Depends, improve ctxlize, context tests and header tests

[tiptenbrink]

This PR is not super coherent, but I kept running into things I wanted to improve.

FastAPI Depends

• FastAPI also has a pretty nice dependency injection system. We don't want to fully rely on it, but it is very useful for avoiding code duplication at the start of an API route. The main thing is that you can add them per router, so now all routes in member/admin routers get the proper check. See apiserver/app/dependencies for all the different possibilities. Now we can load Source and we can check the access tokens very easily, and also get the Contexts we want to pass to the functions we're calling.
• There is an admin_router, which automatically checks that an access token has "admin" scope. It automatically prefixes "admin" to all admin routes, which will properly distinguish them.
• Ranking is now split into an admin and members router, which are automatically prefixed with the right route name. The old two routes /classification/{rank_type} are still kept until the frontend is updated. So the routes are now as follows:
  • /admin/class/update/
  • /admin/class/get/{rank_type}/
  • /admin/class/sync/
  • /admin/class/events/user/{user_id}/
  • /admin/class/events/all/
  • /admin/class/users/event/{event_id}/
  • /members/class/get/{rank_type}/

Other

• ctxlize is now ctxlize_wrap. Also added a more general ctxlize. Add docs inside the module that explains everything in detail. Also added some Context docs. We don't use a special WrapContext anymore. You can just add them to whatever context you like.
• Ensured ranking has no more context functions wrapping just a single database call. ctxlize is now used for that.
• The auth header helper functions are now either directly FastAPI Depends functions or context functions, meaning the routers/helper files could be removed.
• Improved some code for the delete account feature. Added extra checks so it is really ensured the right person is calling it. Also pulled out some code into a new update module for this.
• While cleaning up the header checking code, which is not better split into parts that load data and parts that just verify it, also removed the unnecessary error types. We now have a ResourceError for all errors related to simple resource server functionality (in the OAuth sense). All the resource server logic has been moved to a new apiserver submodule in lib/resource. The header verification part that does not depend on loading data has been moved here. It now also returns the proper WWW-Authenticate header and conforms to the spec better.
• Routers that were in their own folder were moved back to just files in the main routers folder.
• /res/profile is now a members route: <server>/members/profile. The old route is still up while we update the frontend.
• Added some special submodels for JWK symmetric and asymmetric keys.
• Fixed a deprecated way of calling jwt.decode, we now use the correct options dict as the new version recommends.
• Added a new define attribute called realm (the WWW-Authenticate realm). No real functionality but the spec recommends it.
• Improved documentation in a number of places (added a tutorial for Context in datacontext/context.py).

Tests

• Added tests for the header verify/access token functions.
• Moved the commonly used fixtures for setting up a mock Source and starting the app and TestClient to a separate file, which can be called as a plugin:

pytest_plugins = [
    "tests.router_test.data_fixtures",
]

• Improved the ranking test to actually return some data
• Added a delete account update test
• Tested some simple modifications of an access token to ensure they fail, this includes some utility functions for easily generating tokens.

[tiptenbrink]

Checked all files.