Authorization support for Keycloak OAuth policy - allow users to define the role(s) required to exist in the KC bearer token in order to be allowed access to the service