Check whether the application belongs to project (#202)

**What this PR does / why we need it**:

**Which issue(s) this PR fixes**:

Fixes #

**Does this PR introduce a user-facing change?**:
<!--
If no, just write "NONE" in the release-note block below.
-->
```release-note
NONE
```

This PR was merged by Kapetanios.

pkg/app/api/api/web_api.go

@@ -267,6 +267,14 @@ func (a *WebAPI) SyncApplication(ctx context.Context, req *webservice.SyncApplic
 		return nil, err
 	}
 
+	claims, err := rpcauth.ExtractClaims(ctx)
+	if err != nil {
+		return nil, err
+	}
+	if app.ProjectId != claims.Role.ProjectId {
+		return nil, status.Error(codes.PermissionDenied, "The current project does not have requested application")
+	}
+
 	cmd := model.Command{
 		Id:            uuid.New().String(),
 		PipedId:       app.PipedId,