Make Knock more extensible

[mhluska]

• Changes private methods to protected so sub controllers can reuse things like auth_params
• Adds an as_json method to the model so we can call it from sub controllers and add useful things like user_id along with the token.

The main motivation for doing this is that it's not clear how to add a user id to the json response during token create. I see that the AuthToken model has a payload attribute with the key sub that contains the user id but this never gets used because to_json only includes jwt. Unless I'm missing something, this looks like an oversight.

So I'm doing this in my UserTokenController now:

def create
  json = auth_token.as_json.merge(user_id: entity.id)
  render json: json, status: :created
end

An alternative would be to change this PR to include payload in the to_json call.