Internal authorization whitelist feature

In the short term, we might need to implement a feature to filter which users are allowed to access the resources of the API by setting up a whitelist. This takes importance when integrating the API with other auth providers that are open to registration (different from our BSC CAS) like a vanilla Github Oauth App.

An initial whitelist can be implemented in the API. But I suggest that this list has to be something that both, the API and Autosubmit, have to be aware of. This will help us to better define who is the owner of an experiments and who can access to it in the future.