Create authorization framework

[shiranr]

We currently have only full authentication system and the authorization is not implemented.
There are currently 2 roles which are being used:

1. DataProvider
2. DataAdministrator
   There needs to be a mapping for the different personas (users) of the system and create an authorization mechanism around it.

The current status of the system contains the APIs of:

1. _health - open api for everyone.
2. FHIR APIs - should be restricted:

• Patient, Organizations etc.
• Ingest

1. Internal APIs - internal/run/ods - should be restricted with a special use case for internal admin commands

[johncollinson2001]

Hi @shiranr

I think we currently have some basic AuthZ:

• DataProvider - can post data to the $ingest endpoint
• DataConsumer - can query data via the FHIR endpoints

Is the requirement at this time for an additional role for DataAdministrator, which has access to the internal API endpoints to execute the background services?