API tag instance deletion checks that the authorized user id is the same as the user id on the tag instance to be deleted, failing with a 403 if they are different. This prevents users from deleting tag instances created by other users. But if the tag instance was created by a machine client (client credentials grant), it can be deleted by a different machine client, since the tag instance's user id is null, as is the auth user id.
The originating client id should be stored on a tag instance, which would enable the API to prevent a machine client from deleting a tag instance that it didn't create. Note that this only applies to non-user tag instances; we shouldn't prevent a user from deleting their own tag instances if creating and deleting via different clients.
This would also be useful informationally, to show the origin of a tag instance created by a machine client in a UI.
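The check described above and the proposed one, side by side, as an added example that is not the project's own code. The names `Auth`, `TagInstance`, `client_id`, `can_delete_current` and `can_delete_proposed` are hypothetical, the sample ids are constructed, and denying deletion of machine-created tag instances that have no stored client id is an assumption; a `False` result corresponds to the 403.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Auth:
    client_id: str            # client the access token was issued to
    user_id: Optional[str]    # None for a client credentials grant


@dataclass(frozen=True)
class TagInstance:
    user_id: Optional[str]            # None when created by a machine client
    client_id: Optional[str] = None   # proposed field: originating client id


def can_delete_current(auth: Auth, tag: TagInstance) -> bool:
    """Check as described: user ids only, so None == None passes."""
    return auth.user_id == tag.user_id


def can_delete_proposed(auth: Auth, tag: TagInstance) -> bool:
    """User tag instances match on user id; non-user ones on client id."""
    if tag.user_id is not None:
        # A user may delete their own tag instance from any client.
        return auth.user_id == tag.user_id
    if auth.user_id is not None:
        # A user token never owns a machine-created tag instance.
        return False
    # Assumption: rows without a stored client id cannot be attributed
    # to any machine client, so they are not deletable through this path.
    return tag.client_id is not None and auth.client_id == tag.client_id


if __name__ == "__main__":
    # Constructed sample data
    machine_tag = TagInstance(user_id=None, client_id="svc-a")
    user_tag = TagInstance(user_id="u1", client_id="mobile")
    cases = [
        ("other machine client", Auth("svc-b", None), machine_tag),
        ("originating machine client", Auth("svc-a", None), machine_tag),
        ("same user, different client", Auth("web", "u1"), user_tag),
        ("different user", Auth("web", "u2"), user_tag),
    ]
    for label, auth, tag in cases:
        print(f"{label:30} current={can_delete_current(auth, tag)!s:5} "
              f"proposed={can_delete_proposed(auth, tag)}")
```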