improve token testing

[ntraut]

• test permissions with both tokens and session cookies separately
• remove unnecessary token field checking in the request as req.user.username is also set with token
• fix token expiration check in upload controller
• fix anyone user removed after performing project controller unit tests
• fix bug when testing for non existing project in project controller unit tests

[ntraut]

thank you for the merge! concerning the codeql alert, i wonder if it's not a false positive because the file in question is managed by the multer middleware, but it's hard to test because i don't see anywhere where the upload controller is used, there are tests for it but only on the set up part...