Refactor our auth handling code to be cleaner

Breaks out the validation code from the auth context modification calls, makes decorators easier to define and adds testing for each individual piece. Will be the basis of better error messaging in the following change.

endpoints/web.py

@@ -14,8 +14,8 @@ from app import (app, billing as stripe, build_logs, avatar, signer, log_archive
                  get_app_url, instance_keys, user_analytics)
 from auth import scopes
 from auth.auth_context import get_authenticated_user
-from auth.decorators import (has_basic_auth, require_session_login, process_oauth,
-                             process_auth_or_cookie)
+from auth.basic import has_basic_auth
+from auth.decorators import require_session_login, process_oauth, process_auth_or_cookie
 from auth.permissions import (AdministerOrganizationPermission, ReadRepositoryPermission,
                               SuperUserPermission, AdministerRepositoryPermission,
                               ModifyRepositoryPermission, OrganizationMemberPermission)