Subscription Watch / SWATCH-3355

SPIKE - Authorization in swatch instead of turnpike

    • Task
    • Resolution: Unresolved
    • Major
    • Security
      Context: preliminary investigation ahead of any further work on self-service "customer has been onboarded to rosa" verification tooling.

      This will allow us to do more fine-grained access management instead of just "a RH associate can hit all the endpoints".

      • Investigate how we could move the responsibility for the authorization that turnpike does into our app instead
      • Need to consider both Spring Security and Quarkus

      Knowledge transfer session has good background: https://drive.google.com/file/d/18_K6YAwtqoGDLL8GMCFFKF8OBTva3OLf/view

      • Should consider: User, system, and service accounts
      • Additional improvements that were identified by Kevin for
        • Reconciling the roles between Quarkus & Spring Boot
        • Future work to implement resource-based access control (ReBAC)

      Done Criteria

      • We have a path to build support for different levels of access for Support Engineers & development engineers
      • Document written and presented to the team with options/suggestions for building out those different levels of access
      • Document includes plans for how we're going to test those different roles (relates to RBAC testing investigation spikes)

              Unassigned
              lburnett0 Lindsey Burnett