Access control

[achilleas-k]

Access control is very basic currently. Hooks can only be enabled by authorised users that have write access to a repository. Beyond that, it's all pretty open. Results are publicly visible and can easily be guessed since the URL is simply constructed from the repository path and the name of the validator.

• Limit access to results pages based on user access through GIN. We should probably use the token we store for the user to check for read access.
• Generate unique random identifiers for pub-validate results that are only available to the user that started the validation procedure.