Make sure users can only modify their client's sites

[simlmx]

Description

We have basic authentication in the API but all the users have access to all the sites. We need to change it so that a user is assigned to a single client and has access to all the sites of that client.

Implementation

TODO

Other considerations

All the lines that look like

client = session.query(ClientSQL).first()

should be replaced by something like

client = get_client_for_user(auth)

Run git grep pv-site-api/issues/90 to find all (most?) of those.

[peterdudfield]

This is now solved with the changes made in #99