* add support for rejecting requests for methods annotated
  AuthLevel.REQUIRED before it reaches backend code
* when JWT and API key requirements are configured, require both,
  rather than either
* add ServiceException.withLogLevel for setting a custom log level
  for exceptions