Add Backend check for User Role on confirmed/day notes/ etc. endpoints

[x-snackage-x]

The following three endpoints have to be protected against access through a participant:

• all the incident endpoints
• daySheet/getAllNotConfirmed
• daySheet/getAllByMonth/{month}
• daySheet/getAllByParticipantAndMonth/{userId}/{month}
• daySheet/updateDayNotes
• daySheet/confirm/{id}
• daySheet/revoke/{id}

An example of how to do it for an ADMIN:

String callerId = authentication.getName();
UserRole callingRole = userService.getUserRole(callerId);
if (callingRole != UserRole.ADMIN) {
    return new ResponseEntity<>(HttpStatus.FORBIDDEN);
}

These will also require some tests for coverage.