
Conversation

@hannah-martinez (Member) commented Dec 24, 2025

Changes

  • In the Auth0 dashboard, the new app_metadata field allowed_namespaces is added to the token via a post-login trigger.
    • This field is a list. If "all" appears in the list, then the code changes in this PR will grant the user write access to all namespaces. Otherwise, the user is granted access only to the namespaces in the list.
  • In the Auth0 guard code, this field is propagated to the request params.
  • All post, patch, and del requests have an additional wrapper function that checks whether the namespace of the requested action appears in the allowed_namespaces.
    • Post requests check the namespace of each document to be inserted
    • Patch and del requests query the document to be edited/deactivated and check its namespace before allowing the action
    • Patch namespace checks both the original and requested namespaces

Please test locally yourself before merging, as this would not be fun to go back and debug later if there are any bugs! I can send a script and pointers if helpful.

@hannah-martinez hannah-martinez self-assigned this Dec 24, 2025
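The flow described in the PR, as an added example that is not the project's own code: a post-login Action that copies `app_metadata.allowed_namespaces` into the access token, a guard that propagates the verified claim onto the request params, and one wrapper shared by `post`, `patch` and `del` that resolves every namespace the action touches and refuses the request unless each one is allowed (or `"all"` is present). The claim name, the `req.params`/`req.body` request shape, the in-memory `Map` store and the status codes are assumptions made for this illustration; `api.accessToken.setCustomClaim` is Auth0's real Actions API.

```javascript
'use strict';
// Added example (not the project's code). Assumed: claim name, request shape,
// Map-backed store. Auth0 requires custom claim names to be namespaced.
const CLAIM = 'https://example.com/allowed_namespaces'; // assumed claim name
const ALL = 'all'; // sentinel from the PR description: grants every namespace

// The list the post-login trigger places in the token. Only string entries
// are kept so a malformed app_metadata value cannot become a claim the
// checks below would misread.
function allowedNamespacesFor(user) {
  const raw = user && user.app_metadata ? user.app_metadata.allowed_namespaces : undefined;
  return Array.isArray(raw) ? raw.filter((v) => typeof v === 'string') : [];
}

// Auth0 post-login Action (real Actions signature).
async function onExecutePostLogin(event, api) {
  api.accessToken.setCustomClaim(CLAIM, allowedNamespacesFor(event.user));
}

// Guard: after the JWT is verified (verification itself not shown) copy the
// claim onto the request. Always overwrite, so a client cannot smuggle
// allowed_namespaces in as an ordinary request parameter.
function propagateAllowedNamespaces(req, verifiedClaims) {
  req.params = Object.assign({}, req.params);
  const fromToken = verifiedClaims[CLAIM];
  req.params.allowed_namespaces = Array.isArray(fromToken) ? fromToken : [];
  return req;
}

// Caveat: a namespace literally named "all" is indistinguishable from the sentinel.
function isNamespaceAllowed(allowed, ns) {
  return allowed.includes(ALL) || allowed.includes(ns);
}

// Wrapper shared by post/patch/del. requiredNamespaces(req, store) returns every
// namespace the action touches, or null when the target document is missing.
function withNamespaceCheck(requiredNamespaces, handler) {
  return function guarded(req, store) {
    const allowed = req.params.allowed_namespaces || [];
    const required = requiredNamespaces(req, store);
    if (required === null) return { status: 404, body: { error: 'not found' } };
    if (required.some((ns) => typeof ns !== 'string' || ns === '')) {
      return { status: 400, body: { error: 'every document needs a namespace' } };
    }
    const denied = required.filter((ns) => !isNamespaceAllowed(allowed, ns));
    if (denied.length > 0) return { status: 403, body: { error: 'namespace not allowed', denied } };
    return handler(req, store);
  };
}

// post: the namespace of each document to be inserted.
const postNamespaces = (req) => req.body.documents.map((d) => d.namespace);
// patch: the stored document's namespace plus the requested one if the body moves it.
const patchNamespaces = (req, store) => {
  const existing = store.get(req.params.id);
  if (!existing) return null;
  return 'namespace' in req.body ? [existing.namespace, req.body.namespace] : [existing.namespace];
};
// del: deactivates rather than deletes, so only the stored namespace matters.
const delNamespaces = (req, store) => {
  const existing = store.get(req.params.id);
  return existing ? [existing.namespace] : null;
};

const post = withNamespaceCheck(postNamespaces, (req, store) => {
  for (const d of req.body.documents) store.set(d.id, Object.assign({ active: true }, d));
  return { status: 201, body: { inserted: req.body.documents.length } };
});
const patch = withNamespaceCheck(patchNamespaces, (req, store) => {
  const doc = Object.assign({}, store.get(req.params.id), req.body);
  store.set(req.params.id, doc);
  return { status: 200, body: doc };
});
const del = withNamespaceCheck(delNamespaces, (req, store) => {
  const doc = Object.assign({}, store.get(req.params.id), { active: false });
  store.set(req.params.id, doc);
  return { status: 200, body: doc };
});

// Local run over constructed data (no real users or documents).
function demo(allowedNamespaces) {
  const store = new Map([
    ['doc-1', { id: 'doc-1', namespace: 'team-a', active: true }],
    ['doc-2', { id: 'doc-2', namespace: 'team-b', active: true }],
  ]);
  const user = { app_metadata: { allowed_namespaces: allowedNamespaces } };
  const claims = { [CLAIM]: allowedNamespacesFor(user) };
  const req = (params, body) => propagateAllowedNamespaces({ params, body }, claims);
  return {
    postOwn: post(req({}, { documents: [{ id: 'doc-3', namespace: 'team-a' }] }), store).status,
    postMixed: post(req({}, { documents: [{ id: 'doc-4', namespace: 'team-a' }, { id: 'doc-5', namespace: 'team-b' }] }), store).status,
    postNoNamespace: post(req({}, { documents: [{ id: 'doc-6' }] }), store).status,
    patchMoveOut: patch(req({ id: 'doc-1' }, { namespace: 'team-b' }), store).status,
    patchForeign: patch(req({ id: 'doc-2' }, { title: 'x' }), store).status,
    delOwn: del(req({ id: 'doc-1' }, {}), store).status,
    delMissing: del(req({ id: 'missing' }, {}), store).status,
    storeSize: store.size,
  };
}

if (typeof require !== 'undefined' && require.main === module) console.log(demo(['team-a']), demo(['all']));
if (typeof module !== 'undefined') module.exports = { onExecutePostLogin, propagateAllowedNamespaces, withNamespaceCheck, demo };
```

Run with `node` to see the two result tables: with `['team-a']` the mixed insert, the move to `team-b` and the edit of a `team-b` document are refused with 403, while `['all']` lets every write through. The resolver for `patch` returns both the stored and the requested namespace, which is what stops a user from moving a document they own into a namespace they cannot write; the document lookup happens before the handler runs, so a 404 never leaks whether the caller would have been allowed to touch it.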