Extend the API to support Role Based Authorization

Make Create, Update and Delete Employee endpoints accessible only for users with Role Admin.
For the other controllers make Delete endpoint accessible only for Admins.
We should support User and Admin role for now.