fix(optimization): limit fields retrieval for user

[jamiter]

This was suggested at apollographql/meteor-integration#118

This package, purposely, only adds a userId, so the developer can decide themselves what else they want to fetch from the user. This means we only need to retrieve the ID and the resume tokens for validation.

If the developer wants to add user data to the context, they can simply add it via a custom context:

function context (currentContext) {
  const newContext = { ...currentContext };

  if (currentContext.userId) {
    newContext.user = Meteor.users.findOne(currentContext.userId, { fields: { /* whatever */ } });
  }

  return newContext;
}

One might argue that this would cause 2 requests instead of one, but in my opinion it's way more flexible and will only actually retrieve the data that is required. 2 small requests might still be faster then one large? Besides, you might only need user data in certain resolvers, so it might be even better to only query in those resolvers (using DataLoader for deduping). userId says something about authentication. User data should be retrieved like you would with any other data.

In this particular package it's also the case that DDP only offers a userId. By only offering a userId in the HTTP flow we can handle both the same way.

This all also prevents issues like mentioned here: apollographql/meteor-integration#119

[quintstoffers]

We can always make the fields configurable in the future and pass on the fetched user in the future.

[jamiter]

@quintstoffers, that wouldn't solve apollographql/meteor-integration#119 and would make authorizing the request less standard (just getting the userId) and make the DDP and HTTP version different. So I think we're good for now 😉