Add Authentication and Authorization

[tertek]

Auth Specification:

Authentication will be based on Username and Password. Authorization will be based on Role-Based Access Control (RBAC), see SlimBook Vol.3, p. 55.

We will use different authorization implementations, depending on the route types:

Session based authorization for front-end routes, such as user pages. JWT stateless authorization for protected API routes.

[tertek]

• [x] Setup "user" database (we will rename it from customers, since we are using a role based authorization model with roles "admin", "internal" and "customer").

  • [x] replace 'customer' with 'user'
  • [x] update seeders to use password hash and user roles

• [ ] Setup Authentication Routes and Actions/Services

• [ ] Setup Session middleware to authorize frontend routes, such as customer/admin routes

• [ ] Setup JWT middleware and token creation route and/or token management frontend

• [ ] Setup protected API routes and implement business logic