Before reverse proxying requests to Central, Sensor should request a rox token from Central that is scoped to the namespace that is requested from the console plugin. We must therefore add support for such a token exchange api.

The issued tokens must be short-lived and shall not be persisted in the database along-side regular user-generated tokens.

Consider making the permission set that is requested configurable.