security: Prevent non-staff from accessing the NELC dashboard

We need a full /me API to show permissions.

For now we're parsing the edx-user-info and return the following information:

{
    "version": 1,
    "username": "omarithawi_elc",
    "email": "o.ithawi-c@elc.edu.sa",
    "header_urls": {
        "logout": "https://stage.nelp.gov.sa/logout",
        "account_settings": "https://stage.nelp.gov.sa/account/settings",
        "learner_profile": "https://stage.nelp.gov.sa/u/omarithawi_elc"
    },
    "user_image_urls": {
        "full": "https://nelp-edxapp-stage.s3.eu-west-1.amazonaws.com/edx/var/edxapp/media/profile-images/065645134530d372df0384ed084648e9_500.jpg?v=1711707506",
        "large": "https://nelp-edxapp-stage.s3.eu-west-1.amazonaws.com/edx/var/edxapp/media/profile-images/065645134530d372df0384ed084648e9_120.jpg?v=1711707506",
        "medium": "https://nelp-edxapp-stage.s3.eu-west-1.amazonaws.com/edx/var/edxapp/media/profile-images/065645134530d372df0384ed084648e9_50.jpg?v=1711707506",
        "small": "https://nelp-edxapp-stage.s3.eu-west-1.amazonaws.com/edx/var/edxapp/media/profile-images/065645134530d372df0384ed084648e9_30.jpg?v=1711707506"
    }
}

We need a real backend API that shows the information above in addition to the following data:

Allowed tenants, with their names, logos and IDs for non-superusers
Is Superuser is_staff or is_superuser in a single field
List of course_access_roles
Is Tenant Admin: true/false someone can be a data_researcher but not a tenant admin

nelc / futurex-openedx-extensions

security: Prevent non-staff from accessing the NELC dashboard #11