Endpoints for web-auth

[rmil]

Currently web-auth directly communicates with the DB, whilst that works, I'd prefer it to use web-api as that medium instead, which should help with decoupling and other things.

• Need to implement endpoints
• Implement authorization
• Implement service accounts

[rmil]

The roles and permissions endpoints should be good for this, although I will need to add more constructive endpoints.

I suppose the plan is here is whilst I could implement it all in web-auth, it's better to utilise the same API really, making sure nothing is locked behind?

[COMTOP1]

So yes we can implement most of the endpoints can be put in but I will keep the authentication side out of API so no password passes through, we can pass a hash but will figure more out shortly

[COMTOP1]

All authentication will be kept inside web-auth but everything else will be handled in the API