authorisation: allow jupyter lab to work in standalone mode

[oliver-sanders]

Closes #556

Jupyter Lab authorisation is open by default, a curious choice, safe for regular usage, but it becomes a security hole when deploying via Jupyter Hub and allowing users to see each other's servers.

Since this is key to Cylc Hub deployment, and we don't want our users accidentally opening security holes (Cylc must have safe, sane and secure defaults), we override the default security policy to only authorizing the server owner to access Jupyter Lab.

Unfortunately, I forgot to add a necessary backdoor to this policy for token authenticated sessions (i.e. sessions that are not run through Jupyter Hub) where the bearer of the token has full permission over the server.

This means that at present, Jupyter Lab is blocked by default when the Cylc UI Server is launched as a token authenticated (i.e. standalone) server. This PR reinstates access for this situation and this situation only.

• Requires through security testing both in standalone mode and multi-user mode.

Check List

• I have read CONTRIBUTING.md and added my name as a Code Contributor.
• Contains logically grouped changes (else tidy your branch by rebase).
• Does not contain off-topic changes (use other PRs for other changes).
• Applied any dependency changes to both setup.cfg (and conda-environment.yml if present).
• Tests are included (manual security testing required).
• CHANGES.md entry included if this is a change that can affect users
• Cylc-Doc pull request opened if required at cylc/cylc-doc/pull/XXXX.
• If this is a bug fix, PR should be raised against the relevant ?.?.x branch.

[MetRonnie]

LGTM, will approve once we have tested this

[MetRonnie]

My approval is pending a changelog entry.

Also what about an entry for #570?