Switch to macaroon library to generate and parse access tokens

We need access tokens to store signed time, user id and scope.
Macaroon library provides exactly this functionality. So we can reuse
that and remove some of our generating/parsing code.

Access token is not expected to be parsed by clients. Client can't
remove caveats from macaroon. Adding new caveats is possible, but code
will reject such extended tokens because number of caveat was changed.

Change-Id: I3f3a4a972cad061fe6ac75eb906a5b299e75d13d
Reviewed-on: https://weave-review.googlesource.com/2084
Reviewed-by: Vitaly Buka <vitalybuka@google.com>
2 files changed