Spike - RBAC AuthZ - Understand current course authoring roles and permissions logic and propose reusable solution

- Research how the user access permissions are handled on the legacy system
- Understand how filtering works for getting bulk objects that a user has access to
- Propose a reusable solution or pattern we can use to ease further development and support both authz mechanisms
- Estimate effort needed for implementation