All our clients are now using bearer auth so we can remove basic.
Also renamed methods to be more distinct about the differences between
them. Everything goes through bearer auth but in some cases we are
authenticating a user and other times it's either a server or a
particular api key.
De duplicate some common codepaths. Also, for routes accepting basic
authentication, allow bearer auth as an alternative. This allows
clients to switch to bearer auth opportunistically, but we won't
have to coordinate deployments.
Basic auth should be deprecated since we don't really use a
user/password auth scheme.
