Tighten verification of access tokens

[hannes-ucsc]

Once Data Browser participates in authorization code flow,

• delete DB-specific client ID
• verify that passed in access tokens originate from Azul's client instead of just any client in Azul's GCP project