Implemented a preliminary Role-Based Access Control for the REST API.

  In this version, there are three predefined roles:
  - Administrator: This role could access all resources.

  - Viewer: This role can only view resources and data, corresponding to all GET requests in the REST API.

  - Publisher: This role is special for MQTT messages publish, it can only access publish-related endpoints.