* writes test for sharing using the API
* fixes bug on frontend form where an exception occured on generating a new API token if no token existed, yet
* adds permission constraint (default group) for using the api in general
* fixes default-group-only behaviour for sharing-API, so users can only add new users and not removing them, as long as they do not have any other group membership like registration or conservation office
* changes 'ksptoken' to 'Ksptoken' to match CGI standard for http header keys
* adds token checking to AbstractModelAPIView
* adds user accessibility filtering for intervention API v1
* extends fetch_and_serialize() method to take a dict for db filtering instead of a single field and value
* organizes urlnames into supporting formats like "api:v1:intervention"
