Move authorization logic to dedicated service

[mickvandijke]

Currently, authorization is handled by each handler on its own. We should translate this logic into actions that will be authorized by a service that checks whether the user that invoked the action has the proper permissions to do so.

[rakema01]

I'd also like to suggest a setting to force a check for a valid personal tracker link for private trackers.
Not sure if this is happening to anyone else, but it seems like the current backend still serves a download link with no personal tracker link if the backend isn't able to retrieve a valid one. This is an issue since once the tracker token expires the user usually has to log out and back in to refresh it.

I guess this would just be a suggestion for checking user authorization for torrent downloading.

[josecelano]

Relates to #39

[josecelano]

Currently, authorization is handled by each handler on its own. We should translate this logic into actions that will be authorized by a service that checks whether the user that invoked the action has the proper permissions to do so.

hi @rakema01 I will review that problem. See torrust/torrust-index-gui#417