Support JWT Bearer token authentication on the REST API with reader group access control
Currently, the Document360 REST API only accepts a project-level api_token for authentication. This means any custom app integration (e.g., SAP BTP, Salesforce middleware, ServiceNow connector) that calls the API server-side gets full project access — there is no way to scope responses to a specific reader or reader group.
Use case: An enterprise in the media industry built a custom SAP BTP Translation app to embed Document360 inside SAP Service Cloud V2. Their agents have different roles — some can see private articles, some cannot. Because the API only accepts api_token, all access control had to be implemented in their BTP code. Every new private article requires a manual update to the BTP access mapping.
Request: Support Authorization: Bearer <jwt> on the REST API, validating the token and returning only the content that the reader's groups are permitted to see — the same access control that the widget applies natively, but available for server-side API calls.