Permission system #15
Description
Instead of storing the token in a JWT and then looking up docs with that as the key, we can store a permissions object in the JWT that contains names of DB collections, access types (read, write or both) and the document IDs the user has access to. A skeleton is already being introduced, however, there should also be a system implemented wherein when a user creates a new document it is added to their permissions object and a new access token with that information encoded is issued.