For API /api/push/sonarlint_events
1. Permissions are checked when the connection is established. Then, the user could lose permission on a project.
As it's hard to react to permission change (could be inherited for a group), it's easier to check permission on every event sent in the client.
=> Before sending a message, validate the project's permissions for the user.
2. Authentication is done once when the connection is established. Then, the authenticated user could be deleted/deactivated.
It is time-consuming to implement immediate close of connection when the user is deactivated, hence we are going to check whether the connected user is still 'active' on every push to the client.
=> Before sending a message, validate that connected user is still valid (not deactivated) user of SonarQube.