Remove token from URL if identified as less privileged than a user token #8140
Description
When sending a backend request with an insufficient token taken from the annotation URL the frontend now retries to use the user's personal token instead. Upon successful request, the frontend now only remembers not to use the token from the URL again. But it would be better if the token would be fully removed from the URL.
The reason is why this was not initially implemented this way is due to newly created cyclic dependencies: Check #8139 (comment)
Detailed Description
Context
In case a user opens an annotation with an outdated token or the user itself has permissions to update the annotation but not the token, each first time the frontend notices that it should use the user token an error toast is shown to the user.
To avoid this same behaviour over and over again after each page reload, the insufficient token should be removed from the URL. (IMO)
Other related links:
#7309 and PR that "fixes" this behaviour #8139