Microservice implemented with MicroProfile that persists stock portfolios to JDBC (such as DB2)
JWT should be used for all aspects of auth. (removal of static user registry from config) #16
Closed
BarDweller closed 4 years ago
Currently the server is configured to accept JWTs, but also has a basic user registry with roles assigned and groups.
The roles should be coming from the JWT, to avoid embedding user ids and user roles within this service.
This service should only be validating the JWT, using the user id from within the token, and honoring the roles allowed by the token.
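An added example, not code from this repository, of the end state the issue describes: a MicroProfile JWT application with no user registry, where the caller's identity and roles come only from the validated token. Class names, the path, the realm name and the role names are hypothetical, and the `javax` namespace is assumed (newer runtimes use `jakarta`).

```java
// --- ExampleApplication.java (hypothetical name) ---
import javax.annotation.security.DeclareRoles;
import javax.ws.rs.ApplicationPath;
import javax.ws.rs.core.Application;
import org.eclipse.microprofile.auth.LoginConfig;

// MP-JWT is the only login mechanism; no user registry is consulted.
@ApplicationPath("/")
@LoginConfig(authMethod = "MP-JWT", realmName = "example-realm") // placeholder realm
@DeclareRoles({"ExampleUser", "ExampleAdmin"})                   // hypothetical roles
public class ExampleApplication extends Application {
}

// --- ExampleResource.java (hypothetical name) ---
import java.util.Set;
import javax.annotation.security.RolesAllowed;
import javax.enterprise.context.RequestScoped;
import javax.inject.Inject;
import javax.json.Json;
import javax.json.JsonObject;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;
import org.eclipse.microprofile.jwt.JsonWebToken;

@Path("/whoami")
@RequestScoped
public class ExampleResource {

    // Injected only after the runtime has verified signature, issuer and expiry.
    @Inject
    private JsonWebToken jwt;

    // Role names are matched against the token's "groups" claim.
    @GET
    @RolesAllowed({"ExampleUser", "ExampleAdmin"})
    @Produces(MediaType.APPLICATION_JSON)
    public JsonObject whoAmI() {
        String userId = jwt.getName();        // upn, else preferred_username, else sub
        Set<String> groups = jwt.getGroups(); // roles asserted by the token issuer
        return Json.createObjectBuilder()
                .add("user", userId)
                .add("isAdmin", groups.contains("ExampleAdmin"))
                .build();
    }
}
```

The verification key and expected issuer are supplied through the MicroProfile Config properties `mp.jwt.verify.publickey.location` and `mp.jwt.verify.issuer`, so the service holds trust configuration but no user ids or role assignments.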