Provide a `/wopi/iop/open` endpoint

[glpatcern]

To match https://github.com/cs3org/cs3apis/pull/75, this implements a new /wopi/iop/open endpoint with the following arguments: Required headers:

• Authorization: Bearer and the shared Reva/WOPI secret
• TokenHeader: an x-access-token to serve as user identity towards Reva

Query parameters:

• string viewmode: how the user should access the file - one of VIEW_MODE_VIEW_ONLY, VIEW_MODE_READ_ONLY, VIEW_MODE_READ_WRITE, defaults to VIEW_MODE_READ_ONLY
• string username (optional): user's full display name, typically shown by the Office app
• string filename OR fileid: the full path of the filename to be opened, or its fileid
• string folderurl: the URL to come back to the containing folder for this file, typically shown by the Office app
• string endpoint (optional): the storage endpoint to be used to look up the file or the storage id, in case of multi-instance underlying storage; defaults to 'default'

The former whitelist mechanism is dropped, given the double protection provided by the required headers.

[glpatcern]

A general comment: most of the code did not really change and was only moved around. Apart addressing the remarks, we need to discuss if we want to drop the allowedclients logic as with Reva the authentication relies on both a shared secret and the TokenHeader, both non-guessable.