Refactor collections permissions

While working on tests that used the new Collection/Fragment Team API endpoints, I noticed that the new endpoints weren't returning a 404 Not Found response if the Collection or Fragment didn't exist.

Adding those checks meant copy/pasting a chunk of code, so I refactored the common code into getCollection, getFragment and applyPermission (which performs the permission check via Authsome and filters the output if needed).

I think this makes it clearer what's happening in each endpoint, but see what you think. The common methods could be moved into a separate file if they'd be useful in other endpoints.