feat: enforce user roles

enforces user admin role requirement for
- creating / deleting / setting role for organization users
- creating / deleting / setting role for project users
- updating project name
- deleting project

hides action elements based on role for
- admin console
- team settings if team is only visible through project membership
- add project tile if not team admin
- project name text editor if not team / project admin
- add redirect from team page if settings only visible through project
  membership
- add redirect from admin console if not org admin

role enforcement is handled on the api side through a custom GraphQL
directive `hasRole`. on the client side, role information is fetched in
the TopNavbar's `me` query and stored in the `UserContext`.

there is a custom hook, `useCurrentUser`, that provides a user object
with two functions, `isVisibile` & `isAdmin` which is used to check
roles in order to render/hide relevant UI elements.

migrations/0049_remove-owner-column-from-project-table.up.sql

@@ -0,0 +1,4 @@
+INSERT INTO project_member (user_id, project_id, added_at, role_code) 
+  SELECT owner as user_id, project_id, NOW() as added_at, 'admin' as role_code
+FROM project;
+ALTER TABLE project DROP COLUMN owner;

migrations/0050_remove-owner-column-from-team-table.up.sql

@@ -0,0 +1,4 @@
+INSERT INTO team_member (user_id, team_id, addeddate, role_code) 
+  SELECT owner as user_id, team_id, NOW() as addeddate, 'admin' as role_code
+FROM team ON CONFLICT ON CONSTRAINT team_member_team_id_user_id_key DO NOTHING;
+ALTER TABLE team DROP COLUMN owner;