security: Prevent non-staff from accessing the NELC dashboard

[OmarIthawi]

We need a full /me API to show permissions.

For now we're parsing the edx-user-info and return the following information:

{
    "version": 1,
    "username": "omarithawi_elc",
    "email": "o.ithawi-c@elc.edu.sa",
    "header_urls": {
        "logout": "https://stage.nelp.gov.sa/logout",
        "account_settings": "https://stage.nelp.gov.sa/account/settings",
        "learner_profile": "https://stage.nelp.gov.sa/u/omarithawi_elc"
    },
    "user_image_urls": {
        "full": "https://nelp-edxapp-stage.s3.eu-west-1.amazonaws.com/edx/var/edxapp/media/profile-images/065645134530d372df0384ed084648e9_500.jpg?v=1711707506",
        "large": "https://nelp-edxapp-stage.s3.eu-west-1.amazonaws.com/edx/var/edxapp/media/profile-images/065645134530d372df0384ed084648e9_120.jpg?v=1711707506",
        "medium": "https://nelp-edxapp-stage.s3.eu-west-1.amazonaws.com/edx/var/edxapp/media/profile-images/065645134530d372df0384ed084648e9_50.jpg?v=1711707506",
        "small": "https://nelp-edxapp-stage.s3.eu-west-1.amazonaws.com/edx/var/edxapp/media/profile-images/065645134530d372df0384ed084648e9_30.jpg?v=1711707506"
    }
}

We need a real backend API that shows the information above in addition to the following data:

• Allowed tenants, with their names, logos and IDs for non-superusers
• Is Superuser is_staff or is_superuser in a single field
• List of course_access_roles
• Is Tenant Admin: true/false someone can be a data_researcher but not a tenant admin

[shadinaif]

we don't need this anymore, right @OmarIthawi ?

[OmarIthawi]

@shadinaif this is more of a cosmetic UX change to ensure the Dashboard returns a useful message instead of blank dashboard.

I think this is still needed, but we can keep it open for a while.