myyxl / lan-party-app

Rudisten LAN Party App

Improve the Role Based Access Control #2

Open myyxl opened 1 year ago

myyxl commented 1 year ago

Currently the RBAC works by wrapping the EventHandlers inside another one that checks for roles. This does work, but is probably not the best solution. One reason is that useFetch doesn't pass the client auth cookie when doing the internal request for SSR. For now this is fixed by creating a wrapper composable, which lacks a lot of needed features, though.

I would keep the EventHandler wrapper approach, if there's a way to pass the auth cookie without using a composable wrapper.

Also: The role checks inside the EventHandler wrapper are improvised and should be improved.

myyxl commented 1 year ago

A hacky way would be to override the ofetch implementation to always pass the cookies, or to add a boolean flag (default true) for whether the cookies should be passed. This whole RBAC could also be made into a new library, since it might not be the only project in which you need access control.
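The wrapper approach and the cookie-forwarding flag discussed in this issue, as an added example that is not code from the lan-party-app repository. It is a framework-free model: `Req`, `SESSIONS`, `requireRoles`, `internalFetch`, `statusOf` and the `auth` cookie name are all assumptions made for illustration.

```typescript
// Added example: framework-free model; every name below is hypothetical.
type Role = "admin" | "helper" | "guest";
interface Session { user: string; roles: Role[] }
interface Req { headers: { cookie?: string | undefined }; session?: Session }
type Handler<T> = (req: Req) => T;

class HttpError extends Error {
  statusCode: number;
  constructor(statusCode: number, message: string) { super(message); this.statusCode = statusCode; }
}

// Constructed session table; a real app would verify a signed token or query a store.
const SESSIONS: Record<string, Session> = {
  "sid-admin": { user: "alice", roles: ["admin"] },
  "sid-guest": { user: "bob", roles: ["guest"] },
};

function readCookie(header: string | undefined, name: string): string | undefined {
  for (const part of (header || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq > 0 && part.slice(0, eq).trim() === name) return part.slice(eq + 1).trim();
  }
  return undefined;
}

// Deny by default: no valid session -> 401, session without an allowed role -> 403.
function requireRoles<T>(allowed: Role[], handler: Handler<T>): Handler<T> {
  if (allowed.length === 0) throw new Error("requireRoles needs at least one role");
  return (req) => {
    const sid = readCookie(req.headers.cookie, "auth");
    // Own-property check so ids such as "constructor" never resolve to a session.
    const session = sid !== undefined && Object.prototype.hasOwnProperty.call(SESSIONS, sid)
      ? SESSIONS[sid] : undefined;
    if (!session) throw new HttpError(401, "not authenticated");
    if (!session.roles.some((r) => allowed.indexOf(r) !== -1)) throw new HttpError(403, "forbidden");
    return handler({ headers: req.headers, session });
  };
}

// Model of the internal request made during SSR; forwards only the cookie header.
function internalFetch<T>(handler: Handler<T>, incoming: Req, forwardCookies = true): T {
  return handler({ headers: forwardCookies ? { cookie: incoming.headers.cookie } : {} });
}

function statusOf(call: () => unknown): number {
  try { call(); return 200; } catch (e) {
    const code = (e as { statusCode?: unknown }).statusCode;
    return typeof code === "number" ? code : 500;
  }
}
```

With `forwardCookies` set to `false`, the wrapped handler sees an unauthenticated request even though the browser sent a valid cookie, which is the SSR behaviour described in the first comment.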