API Security

- added APIAccess class to define access levels of API Endpoints (permissions)
- use "mailpoet_token" for all nonce (just as before)
- merged setupPublic/setupAdmin methods in API in order to avoid duplication
- check permission if access level is not all
- fixed ABSPATH check in some classes

lib/API/Endpoint.php

@@ -5,6 +5,8 @@ if(!defined('ABSPATH')) exit;
 
 abstract class Endpoint {
 
+  public $permissions = array();
+
   function successResponse(
     $data = array(), $meta = array(), $status = Response::STATUS_OK
   ) {