At the moment, an SQL request gets the parameters as HTTP request parameters (mode, for example). Apart from the fact that it should be possible to get them inside the JSON payload (which doesn't currently work), we should completely switch to having these parameters in the JSON body only.
We should also be strict with the body content and only allow valid elements.
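
One way to enforce both points, written as an added example and not taken from the project's code: body-only parameters are refused when they arrive in the URL, and the JSON body is rejected on unknown keys, duplicate keys, missing keys or wrong types. The path `/sql` and the fields `query` and `fetch_size` are assumptions; only `mode` is named above.

```python
import json
from urllib.parse import urlsplit, parse_qsl

# Assumed body schema: only "mode" is named in the text above;
# "query" and "fetch_size" are hypothetical fields for illustration.
ALLOWED = {"query": str, "mode": str, "fetch_size": int}
REQUIRED = {"query"}

class RequestError(ValueError):
    """Raised for any request that is not strictly well-formed."""

def _reject_duplicates(pairs):
    # json.loads silently keeps the last duplicate key; refuse instead so
    # every component that reads the body sees the same value.
    obj = {}
    for key, value in pairs:
        if key in obj:
            raise RequestError(f"duplicate key: {key}")
        obj[key] = value
    return obj

def parse_sql_request(url, body):
    # 1. Body-only parameters must not appear in the URL query string.
    in_url = {k for k, _ in parse_qsl(urlsplit(url).query, keep_blank_values=True)}
    moved = sorted(in_url & set(ALLOWED))
    if moved:
        raise RequestError(f"send in JSON body, not URL: {moved}")
    # 2. The body must be one JSON object with no duplicate keys.
    try:
        doc = json.loads(body, object_pairs_hook=_reject_duplicates)
    except json.JSONDecodeError as exc:
        raise RequestError("body is not valid JSON") from exc
    if not isinstance(doc, dict):
        raise RequestError("body must be a JSON object")
    # 3. Only known keys, all required keys, exact types.
    unknown = sorted(set(doc) - set(ALLOWED))
    if unknown:
        raise RequestError(f"unknown keys: {unknown}")
    missing = sorted(REQUIRED - set(doc))
    if missing:
        raise RequestError(f"missing keys: {missing}")
    for key, value in doc.items():
        if type(value) is not ALLOWED[key]:  # type(): True is not an int here
            raise RequestError(f"wrong type for {key}")
    return doc

def check(url, body):
    """Return "ok" or the rejection reason (constructed demo helper)."""
    try:
        parse_sql_request(url, body)
        return "ok"
    except RequestError as exc:
        return str(exc)
```

Rejecting duplicate keys matters because two JSON parsers can disagree on which copy wins, so a validating layer and the executing layer could otherwise act on different values.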