implement v1/access/logout

[danielblagy]

• invalidate token by storing it in cache until it expires (blacklist approach)

[danielblagy]

Blocked by #21

[danielblagy]

• [x] cover access service with unit tests
• [x] do #23 in this branch
• [x] add documentation

[danielblagy]

FOR QA:

1. implement POST v1/access/logout - logs out the user
2. fix authorization bug: the error was not propagated properly from handler.authorize convenience function
3. implemented #23, now if token has expired, status 401 unauthorized is returned with a message token has expired: not authorized