Improve FastAPI authentication handling

Solves fastapi: Rework all auth requirements to depend on credentials of #136 (closed)

Create a new credential_required decorator which can be used in place of auth_required.

Though a credential_required decorator was suggested, most of the calls to has_credential use the approved parameter which couldn't be implemented in the decorator. At best, smaller decorators could be used within groups of routes that check against similar approved users (like those of pkgbase). The remaining calls to has_credential do prior processing or still allow requests to continue despite the credential not existing.

Add error mappings for credential_required failures (this will additionally require that we supply a way to give credential_required the proper template and context it'll need to render the page which the error should be displayed on.

See fluix/aurweb@54046af2