Use roles from JWT claims for evaluation of room permissions
All other services behind the HTTP GW make use of the inter-service JWT, which - in addition to what the core is used to - provides role information for the user in the room the request aims at.
The core is the exception as it currently still stores all relevant information itself, so e.g. instead of checking the JWT to check for the client being owner and therefore being allowed to delete a room, it checks the room entity itself. It uses spring security and the permissions annotations for that.
With the auth service now aiming to become the source of truth for room access information (arsnova-http-gateway!30 (merged), arsnova-auth-service!22 (merged)), the core needs refactoring. This would allow for a non-redudant information storage on e.g. who's owner or moderator.
Related: particify/dev/common-concerns#3