support writing custom combinators for authorization

[soenkehahn]

The given Auth combinator takes care of authentication. It would be nice if servant-auth (or servant) allowed to easily write a custom combinator MyAuth that used servant-auth-server for authentication, but then also took care of authorization, where

Server (MyAuth :> api) ~ MyUser -> Server api

The HasServer instance would yield 401s for missing or invalid authentication and 403 for insufficient privileges.

[sordina]

Yes this would be a great way to not have to littler authz code throughout routes. Even simple things like expiring tokens.

[domenkozar]

Closing as duplicate of #73 (as it has more info)