Allow optional `device` to support 3-legged-tokens

[maxl2287]

Enhancement description
As of now the device has to be provided in the request-body.
To support 3-legged-tokens, where the device can be identified by the request, we need to make the device optional and provide only device-information in responses / events, when a 2-legged-token was used.

Tasks

• Adding error-code UNECESSARRY_IDENTIFIER in HTTP-422-responses
• Make the device non-required in the request-body and in the Cloud-Event
• Add the following point in the Error-Handling-section of info.description:

    - If the subject can be identified from the access token and the optional `device` object is also included in the request, then the server will return an error with the `422 UNNECESSARY_IDENTIFIER` error code. This will be the case even if the same device is identified by these two methods, as the server is unable to make this comparison.

• Add the section for Identifying the device from the access token in the info.description

# Identifying the device from the access token

    This API requires the API consumer to identify a device as the subject of the API as follows:
    - When the API is invoked using a two-legged access token, the subject will be identified from the optional `device` object, which therefore MUST be provided.
    - When a three-legged access token is used however, this optional identifier MUST NOT be provided, as the subject will be uniquely identified from the access token.

[maxl2287]

This issue should be taken into account after #28 is closed