Rework ACLs

[pedrolucasp]

ACLs right now aren't really implemented on DigitalSoul. I've done a very barebones implementation by looking up if the user can see that content and exposing a forbidden prop to the page component. We should use the same ACL mechanism on the backend/APIs and also with the introduction of new functionalities this might get messy fast.

The issue here is that there's not really a well-defined and standardized way to do that, at least as far as I've looked up, so it needs some investigation here as well.