Allow user to generate long-lived JWT (Personal Access Tokens).
1. The API keys (JWT tokens) have the same permission set as the users they belong to
2. PAT can be used in the same way as our current JWT token obtained from the login endpoint: `curl --header "Authorization: Bearer <your_access_token>" https://hosted.mender.io/api/...`
3. If the user generating the token is restricted by RBAC, the RBAC permissions apply to the token as well
4. Code is covered by unit tests
5. Acceptance tests implemented