Create `/users` endpoint

[slifty]

Users are generally an internal entity right now but we have some need to expose the user ID for the current user in order to supply createdBy filters (see #939).

So, let's make a GET /users endpoint possibly with support for an authenticationId filter, and possibly with a special /users/me endpoint as well.

In terms of access control I could either:

1. make /users require the administrative role.
2. make /users require an auth context and then restrict the users returned based on auth context (e.g. if you aren't an admin the only user you can see is yourself)
3. do none of the above and just create a /users/me that returns your single authenticated user.

I'm planning to do both 2 + 3.

[slifty]

At some point it might be reasonable to come up with a good way to load users with an alternative ID (not just a filter) -- e.g. /users/authenticationId/{authenticationId} but there are some API design decisions I'd rather not have to think through to meet our immediate need.

[reefdog]

@slifty FWIW, it's trivial for us to attach the sub to the request, so /users/me isn't actually necessary (as cool as it is). In case you're prioritizing.

[slifty]

@reefdog ok good to know -- I do like it as a concept (and it'll be easy to add) but I think I'll capture it as a separate issue then and knock it out when I have a moment.