Allow project-less API token to retrieve issues
Basically, we were only allowing project-specific API token to
retrieve the list of opened issues on a project, but there is no
ACLs associated with listing issues, we only use this to
authenticate the user and figure out if they can access the
private issues or not.
So we should allow project-less API token to perform this
Signed-off-by: Pierre-Yves Chibon <email@example.com>