Refactor Sites and Stats API authorization logic

[zoldar]

Changes

This PR refactors authorization logic for Sites and Stats APIs, unifying it under a single plug. API keys already have a notion of "scopes" though it's merely utilized in a label-like fashion for Sites API key checks. The refactored version implements basic support for scopes. Due to the way API keys are currently provisioned (with a single explicit scope at a time), a notion of implicit scopes is introduced, which are considered as always matching provided the API key is valid.

The main point of this refactor is exposing read-only portion of Sites API to API keys without site provisioning scope. It also will serve as a basis for introducing further Sites API read-only endpoints needed for integrations we are currently working on.

Tests

• [x] Automated tests have been added

Changelog

• [x] This PR does not make a user-facing change

Documentation

• [ ] Docs have been updated
• [ ] This change does not need a documentation update

Dark mode

• [x] This PR does not change the UI

[github-actions[bot]]

|Preview environment👷🏼‍♀️🏗️ | |:-:| | [PR-4297](https://pr-4297.review.plausible.io)

[github-actions[bot]]

|Preview environment👷🏼‍♀️🏗️ | |:-:| | [PR-4297](https://pr-4297.review.plausible.io)