Allow invoking token introspection endpoint with bearer token

We should add a special role that permits invoking token introspection endpoint. This would make it possible to invoke token introspection by authentication as a confidential client as now, but also allow invoking it with a valid token that has the special role.