Remove the global HTTP interceptor provided by angular-jwt which added
the Authorization header to API requests and replace it with explicit
logic in `createAPICall` to do the same thing.

This will enable replacing the JWT tokens with opaque access tokens when
using a publisher-provided grant token for authentication.

It also provides a more explicit way to only include the access token
with requests to the API, rather than filtering based on the URL prefix
of the request in the `tokenGetter` implementation.

 * Remove angular-jwt's HTTP interceptor and replace it with logic in
   store.js to explicitly fetch an access token using the `auth` module
   and add an Authorization header to API requests.

 * Convert standalone functions and global variables in auth.js to
   methods on the auth service. This will enable swapping out the
   current auth service implementation which uses cookies + CSRF
   for authentication with one that uses the OAuth grant token.

 * Fix several cases in store-test.js where functions that made
   assertions inside Promise callbacks did not explicitly wait for the
   Promise to resolve before finishing the test.