Remove current_user middleware in favor accessing cookie in authenticate

[jsha]

In #2077, a middleware was introduced to capture a cookie value from the session. The documentation for that says:

The call to conduit_cookie::RequestSession::session needs mutable access to the request and its extensions, and there is no read-only alternative in conduit_cookie to access the session cookie.

At the time that was merged, the conduit-cookie dependency was on 0.8.5. However, in the latest 0.9.4-alpha.4 (already in use by crates.io), there is a read-only accessor for session. So it should now be possible to remove the middleware and access the cookie directly in the authenticate function.