Add support of target_user_id claim + tests

[pjanik]

[#179181398]

If the user has target_user_id claim, he would be able to download AWS credentials.
I'm not specifying any new rule access rule type. It's based on the owner rule. If it adds some value, we could actually disable or enable target_user_id access in resource settings. But not sure if it's worth it unless we want to explicitly disable it somewhere.

Some other changes:

• I've removed isOwnerOrMember helper and related tests. It felt overloaded at this point. canCreateKeys use other methods directly. Tests assertions have been redistributed to correct places (they were in fact replicating other tests, as it was OR join of few methods), so no tests have been lost I hope.
• index.tests.ts has a new JWT claim - jwtTokenWithTargetUserId. It's a different pattern than most of the old tests used. They seemed to simulate access using rules. This time I've tried to use a different JWT, as it didn't feel right to include target_user_id to the default jwtToken used by most of the tests. And setup would be more confusing. In fact, we could actually refactor most of the tets to use different JWTs (like jwtTokenContextMember, jwtTokenMember, etc.). I think it's pretty symmetric, but probably easier to type JWT name in a new test rather than copy and modify the array of access rules.

[scytacki]

Looks good to me