Closes #1654 (closed)
/app_token?expires_in=<int> for simple tokens like the signature token to access every endpoint available with the Keycloak access token via the
Authorization: Bearer <app token> header. Adds tests for requesting the both app and signature token with and without authorization. Adds a single test to access a restricted endpoint (
/users/me) with the app token.