is_legit_token: Check that token appears to be legitimate

This unexported function exists to catch tokens that are technically valid, i.e. `inherits(token, "Token2.0")` is TRUE, but that have dysfunctional credentials.

Other authentication functions: gar_attach_auto_auth, gar_auth_service, gar_auth, gar_auto_auth, gar_gce_auth, get_google_token, token_exists