Pre-screen CoAP requests based on credential's claims #338

Open
chrysn opened this issue Jul 2, 2024 · 0 comments
chrysn commented Jul 2, 2024

To

  • enable flexible policy settings,
  • avoid security checks coded into every single handler, and
  • avoid the trouble of passing data from the request into the handler that is not in the request (which on its own is a bad reason, but in combination with the others, there's no good reason to change that setup)

we should process AIF REST-specific scope into permissions.

The current implementation is crude: It is not parsed, and hardcoded to a single resource.

Going forward, there are two paths:

  1. At build time, we could build a type representing where a resource is in the tree (effectively a big nested enum, which is efficient at runtime), and when a credential is presented, parse the scope into a [(PathEnum, PermissionSet); N] structure.
  2. When a credential is presented, verify its structure, but store it as AsRef<[u8]> and parse it on every request.

Right now I am leaning toward 2 because it does not require changes to the handler types, because we may need the full credential later anyway, and because a size limit on the full credential (typically: token) is easier to communicate with an AS.

[edit: Added text, set title – sorry for the noise, won't use GitHub's "convert into issue" feature again]

@chrysn chrysn changed the title Resources don't need to care about the credentials because there are global rules for what is allowed Pre-screen CoAP requests based on credential's claims Jul 2, 2024
@chrysn chrysn added this to the Next Release milestone Jul 2, 2024
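
Path 2 from the issue above, as an added example that is not part of the original issue or the project's code: the scope is structurally verified once when the credential is presented, kept as raw bytes behind `AsRef<[u8]>`, and re-parsed on every request. It assumes the AIF REST-specific encoding of RFC 9237 (a CBOR array of `[Toid, Tperm]` pairs, where CoAP method code n maps to permission bit n-1), exact path matching, and no Dynamic-* bits; `head`, `perms_for`, `AifScope` and `SAMPLE` are hypothetical names.

```rust
// Added example; all names are hypothetical, not the project's API.
/// Reads one definite-length CBOR head: (major type, argument, remaining bytes).
fn head(b: &[u8]) -> Option<(u8, u32, &[u8])> {
    let (&first, rest) = b.split_first()?;
    let n = match first & 0x1f {
        v @ 0..=23 => return Some((first >> 5, v as u32, rest)),
        v @ 24..=26 => 1usize << (v - 24), // 1, 2 or 4 argument bytes follow
        _ => return None, // 8-byte arguments and indefinite lengths are rejected
    };
    if rest.len() < n { return None; }
    let (arg, rest) = rest.split_at(n);
    Some((first >> 5, arg.iter().fold(0, |a, &x| a << 8 | x as u32), rest))
}
/// Walks the whole scope [[Toid, Tperm], ...]; None if malformed, otherwise
/// the union of the Tperm bits of all entries whose Toid equals `path`.
fn perms_for(scope: &[u8], path: &str) -> Option<u32> {
    let (_, count, mut rest) = head(scope).filter(|h| h.0 == 4)?; // outer array
    let mut granted = 0;
    for _ in 0..count {
        let (_, _, r) = head(rest).filter(|h| h.0 == 4 && h.1 == 2)?; // 2-element array
        let (_, len, r) = head(r).filter(|h| h.0 == 3 && h.2.len() >= h.1 as usize)?;
        let (toid, r) = r.split_at(len as usize);
        let toid = core::str::from_utf8(toid).ok()?;
        let (_, tperm, r) = head(r).filter(|h| h.0 == 0)?; // unsigned bitmask
        if toid == path { granted |= tperm; }
        rest = r;
    }
    rest.is_empty().then_some(granted) // trailing bytes count as malformed
}
/// Scope kept as raw bytes (path 2): checked once, re-parsed per request.
pub struct AifScope<T: AsRef<[u8]>>(T);
impl<T: AsRef<[u8]>> AifScope<T> {
    pub fn new(raw: T) -> Option<Self> {
        perms_for(raw.as_ref(), "")?; // structural check only
        Some(Self(raw))
    }
    /// CoAP method codes 1..=7 (GET..iPATCH) map to AIF permission bits 0..=6.
    pub fn permits(&self, path: &str, code: u8) -> bool {
        let bit = match code { 1..=7 => 1u32 << (code - 1), _ => return false };
        perms_for(self.0.as_ref(), path).map_or(false, |p| p & bit != 0)
    }
}
/// Constructed sample: [["/led", 5], ["/temp", 1]] (GET+PUT on /led, GET on /temp).
pub const SAMPLE: &[u8] = b"\x82\x82\x64/led\x05\x82\x65/temp\x01";
fn main() {
    let s = AifScope::new(SAMPLE).expect("well-formed scope");
    println!("PUT /led: {}, PUT /temp: {}", s.permits("/led", 3), s.permits("/temp", 3));
}
```

Because `permits` is called before dispatch, handlers need no credential argument, and a malformed or truncated scope is refused at `new` rather than on the first request.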