Verein360 application data endpoint protection

[f1sh1918]

Is your feature request related to a problem? Please describe.
Since this mutation is not behind an login, the mutation has to be protected.

Describe the solution you'd like

• create a separate role "Verein 360" that can create api tokens
• check if the api token has the correct access rights (is role Verein360 and project eak)
• send insufficient permissions error and log the failed attempts
• add the log pattern to fail to ban (salt) to ensure that after 5 failed attempts the ip will be blocked

[f1sh1918]

@ztefanie not sure if we also have to add the possibility to create a user with this role via administration gui or it is sufficient to create it via runConfig and backend command, since we probably will only need one. Please check if there is anything to add in this ticket :)

[ztefanie]

I think this user should also be able to be created via administration ui, it is not really effort for us to do this.

But in general I think it would be nice, if we move to a clean RBAC structure, i created a ticket for this here: #1626
we can discuss this at a grooming.