Introduce a new UserSessionInterface which holds session information

Due to some authorization information comming from the Person entity and some
from the access token we currently have a cyclic dependency between them.

To reduce the dependency move the Person entity out of the authorization path and
expose all the information that is needed for good caching via a new UserSessionInterface.
Any Person related caching needs to happen in PersonProviderInterface now.

UserSessionInterface represents a pseudo session, since its information is only derived
from a verified access token. Nothing is stored on the server besides some caches.

The implementation currently resides in DefaultUserSession, but in the future this interface
will likely be replaced with a dummy implementation and the real one will be moved
into the university specific bundle.