Apply authorization in the shopping example

[jannyHou]

Suggestion

Add authorization system in the shopping example according to the PoC loopbackio/loopback4-example-shopping#231

Use Cases

• Implement the authorizer using casbin
• Decorate User endpoints and its related model's endpoints with @authorize
• Mount the authorization component
• Specify different roles for users, like ADMIN, CUSTOMER, etc...
• Specify custom voter on for endpoints if needed

Acceptance criteria

• add different roles for users, secure endpoints in user controller
• modify existing tests to pass
• Update the shopping example with authorization. Details see the description and user cases
• add some document to introduce this feature

[jannyHou]

Thanks @deepakrkris for taking care of this story, had a chat about the improvements based on the PoC PR, here is a summary:

a summary of missing stuff:
- add different roles for users, secure endpoints in user controller
- modify existing tests to pass
- add some document to introduce this feature

[deepakrkris]

3 out of 4 in acceptance criteria is completed. only documenting authorization in README.md is pending.

[deepakrkris]

PR loopbackio/loopback4-example-shopping#231