Review Board 2.1+ supports authenticating using API tokens. This change

adds a new --api-token= parameter for commands to make use of these when

authenticating.
Since authentication happens before accessing resources, we can't really

check for a capability before deciding whether or not to allow a user to

pass a token. Passing a token to a server that doesn't support it is

harmless, though.

Tested this with different policies, including Full Access, Read-Only, and

custom policies. I used rbt api-get, rbt post, rbt close, rbt status,

and rbt diff.
I tried posting this change using a read-only API token, and got an error about

not having permission. I then tried with my full access token, and it succeeded.