API Security

- added APIAccess class to define access levels of API Endpoints (permissions)
- use "mailpoet_token" for all nonce (just as before)
- merged setupPublic/setupAdmin methods in API in order to avoid duplication
- check permission if access level is not all
- fixed ABSPATH check in some classes

lib/API/Access.php

@@ -0,0 +1,12 @@
+<?php
+namespace MailPoet\API;
+
+if(!defined('ABSPATH')) exit;
+
+final class Access {
+  const ALL = 'all';
+
+  private function __construct() {
+
+  }
+}