[#1940] Reinstated OAuth-less `admin_token` authentication
Reinstated OAuth-less admin_token
authentication.
Refactored UserIsAdminPlug (freed from checking admin scopes presence).
Applied rate limit for requests with bad admin_token
.
Added doc warnings on admin_token
setting.
Closes #1940 (closed)