Rework creating a competition to be split in an admin/setup part and a participant part

[Sch3lp]

Why this feature Right now there's no distinction between a participant or someone that created the competition (admin? creator? host? Discover better name for this kind of actor).

And flow works like this:

1) Someone creates a competition (selecting challenges and dates), and becomes the admin 1) Admin adds competitors 1) Admin shares Competition url with the participants 1) Any participant can now create a new competition, challenges, add competitors, remove competitors, ... (basically a participant becomes an admin)

This allows sore losers to mess up the entire competition, and we don't want to incentivise that behaviour.

Tasks

• [ ] Introduce roles (admin and participant?) #36
• [ ] Figure out how to generate an admin only link (unique per admin, so if multiple admins, multiple links)
• [ ] Provide shareable link for competition (this should just be the default link actually, with the CompetitionId)
• [ ] Allow a participant to select their name when they access their link
• [ ] Put their name in local storage
• [ ] Provide a way to change who they are acting as

[Sch3lp]

Current ideas to introduce authorization:

• Add SpringSecurity
• Add role to current session, when application was accessed using an admin url
• Maybe pull competitor admin stuff to different page (or don't allow removing competitors from the current competitors list on the main competition screen)

[Sch3lp]

Since the only thing I wanted to block is for competitors to screw up a running competition, an easier fix is to just not allow adding/removing competitors when a competition is running.

So I won't introduce Spring Security, or authorization for that matter! Yay!