Note: will not know what you signed in with (Google, Builtin, etc). Because we wont support satellites in day 1 this should be simple (blue path in the RFC diagram) - BETA sp7

• Create a new empty middleware. Purpose: be a middleman helper for RBAC.
• Get the token from request
• do a DB look up to check API key validity
• store a user actor or workspace actor on the request context
• Or: anonymous actor or terminate request