refactor: replace refresh & access token with auth token only

changes authentication to no longer use a refresh token & access token
for accessing protected endpoints. Instead only an auth token is used.

Before the login flow was:

Login -> get refresh (stored as HttpOnly cookie) + access token (stored in memory) ->
  protected endpoint request (attach access token as Authorization header) -> access token expires in
  15 minutes, so use refresh token to obtain new one when that happens

now it looks like this:

Login -> get auth token (stored as HttpOnly cookie) -> make protected endpont
request (token sent)

the reasoning for using the refresh + access token was to reduce DB
calls, but in the end I don't think its worth the hassle.

internal/graph/schema/_models.gql

@@ -50,13 +50,6 @@ type Member {
   member: MemberList!
 }
 
-type RefreshToken {
-  id: ID!
-  userId: UUID!
-  expiresAt: Time!
-  createdAt: Time!
-}
-
 type Role {
   code: String!
   name: String!
@@ -97,6 +90,7 @@ type Team {
   id: ID!
   createdAt: Time!
   name: String!
+  permission: TeamPermission!
   members: [Member!]!
 }
 
@@ -106,6 +100,17 @@ type InvitedMember {
   invitedOn: Time!
 }
 
+type TeamPermission {
+  team: RoleCode!
+  org: RoleCode!
+}
+
+type ProjectPermission {
+  team: RoleCode!
+  project: RoleCode!
+  org: RoleCode!
+}
+
 type Project {
   id: ID!
   createdAt: Time!
@@ -114,6 +119,7 @@ type Project {
   taskGroups: [TaskGroup!]!
   members: [Member!]!
   invitedMembers: [InvitedMember!]!
+  permission: ProjectPermission!
   labels: [ProjectLabel!]!
 }
 

internal/graph/schema/_root.gql

@@ -90,6 +90,7 @@ type ProjectRole {
 
 type MePayload {
   user: UserAccount!
+  organization: RoleCode
   teamRoles: [TeamRole!]!
   projectRoles: [ProjectRole!]!
 }

internal/graph/schema/user.gql

@@ -1,5 +1,4 @@
 extend type Mutation {
-  createRefreshToken(input: NewRefreshToken!): RefreshToken!
   createUserAccount(input: NewUserAccount!):
     UserAccount! @hasRole(roles: [ADMIN], level: ORG, type: ORG)
   deleteUserAccount(input: DeleteUserAccount!):
@@ -72,10 +71,6 @@ type UpdateUserRolePayload {
   user: UserAccount!
 }
 
-input NewRefreshToken {
-  userID: UUID!
-}
-
 input NewUserAccount {
   username: String!
   email: String!