Add user authentication and autorisation

[JimBacon]

To control access to the API, add an authentication layer.

• Users will log in with a username and password.
• They will be associated with an organisation and will be authorised to access the resources of that organisation.
• They will have a role of [read|write|admin|root]
  • read can view organisation data
  • write can update device and deployment data for an organisation
  • admin can manage users for an organisation
  • root has no restrictions