Protect endpoints using an Authentication Service

[epwr]

User Story

As the service maintainer, I want only users that have authenticated and been provided with the Admin permissions to be able to view the admin pages, or create and edit surveys.

Out of Scope

[epwr]

Likely need to decide a authorization plan when setting up authentication.

Authz idea:

• RBAC to start with a list of admins. eventually a viewer role to see survey results.
• ReBAC if/once there's a need to separate roles by survey.