I've added a toggle feature (in internal settings) so that user api creation can be disabled while form registration still can be enabled.
Also, the /api/user endpoint shouldn't require authentication. Even if we check the authentication when sending a GET request, to retrieve current user information.
I've moved all the internal settings definition to config to avoid duplicated place to define them.
I don't know why we didn't did that earlier.
When the association between a tag and an entry is removed, if the tag doesn’t have other entries, we can remove it.
Also add more tests for that part and ensure TagControllerTest is isolated from the rest of the test suite (finally!)
Also, retrieve tag from the request instead of the query (which will be the same but it's more easy to test).
Moved down `deleteTagAction` because it conflicted with the new action:
api_delete_tag => /api/tags/{tag}.{_format}
api_delete_tags_label => /api/tags/label.{_format}
And finally, throw exception when a tag is not found before removing it.