refactor(api): Session middleware improvements

[koistya]

• Update api/auth/session.ts (session middleware) to allow authenticating using Google's ID token
• Move JWT related utility functions to api/core/jwt.ts
• Initialize Google/Facebook OAuth 2.0 clients on demand (memoize)
• Add a unit test showing how to test protected routes / API endpoints

import request from "supertest";
import { createIdToken, db } from "../core";
import { api } from "../index";

test(`fetch me (current user)`, async () => {
  const res = await request(api)
    .post("/api")
    .auth(createIdToken({ id: "test1" }), { type: "bearer" })
    .send({
      query: `#graphql
        query {
          me { id email name }
        }
      `,
    })
    .expect(200)
    .expect("Content-Type", "application/json");

  expect(res.body).toMatchInlineSnapshot(`
    Object {
      "data": Object {
        "me": Object {
          "id": "VXNlcjp0ZXN0MQ==",
          "email": "jaylon.johns@example.com",
          "name": "Jaylon Johns",
        },
      },
    }
  `);
});

afterAll(() => db.destroy());

See api/queries/me.test.ts, db/seeds/users.json.