[WIP] Upgrade authorization security

[michellemtchai]

The following is the breakdown of the authorization:

step 1	step 2	step 3	step 4	step 5	step 6	step 7	step 8	step 9	step 10
logged_in	set_roles	listed_as	get_utorid	calls_route	tapp_access	access	has_access	has_role	runs_route_function
		is_instructor			tapp_admin
		is_applicant			cp_access
					app_access
					admin_or_instructor
					cp_admin
					either_admin_or_instructor
					either_cp_admin_or_instructor
					both_cp_admin_or_instructor
					correct_applicant

get_utorid gets the request.env['HTTP_X_FORWARDED_USER'] from Shibboleth