Continued authz

[calebbourg]

Description

Adds Authorization plumbing and functions for index actions.

There's a good amount of duplicated code. I think I'm at a point where I'd like to audit and re-think our error handling a bit. Probably use an existing crate. My thought is that it will be much easier to refactor some of this authorization stuff to remove the duplication if I take a step back and improve on how errors are propagated through our abstraction layers.
The plan would be something like this:

• Merge this PR
• Pivot to work on our real-time collaboration stuff
• Come back and think through error handling
• Refactor this code and add authorization functions for other operations (Ex. updating resources)

Testing Strategy

valid coaching_relationship_id

curl 'http://localhost:4000/coaching_sessions?coaching_relationship_id=c6026a63-bace-4e83-bfda-5987e63a5192&from_date=2024-11-04&to_date=2025-01-04' \
  -H 'Accept: application/json, text/plain, */*' \
  -H 'Accept-Language: en-US,en;q=0.9' \
  -H 'Connection: keep-alive' \
  -H 'Cookie: id=FJd0ETgOe6PM4MhvZwWuXA' \
  -H 'Origin: http://localhost:3000' \
  -H 'Referer: http://localhost:3000/' \
  -H 'Sec-Fetch-Dest: empty' \
  -H 'Sec-Fetch-Mode: cors' \
  -H 'Sec-Fetch-Site: same-site' \
  -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36' \
  -H 'X-Version: 0.0.1' \
  -H 'sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24"' \
  -H 'sec-ch-ua-mobile: ?0' \
  -H 'sec-ch-ua-platform: "macOS"'

[jhodapp]

A great start, I'm looking forward to building on top of this!