Authorize routes using user role in NextJS middleware

[harryrigg]

Pending the completion of Issue #128.

Currently, the NextJS middleware only distinguishes between public and non-public routes when determining authorization. This means that an attendee can access the create and edit event pages (even though they won't be able to submit the form).

A list should be created in the middleware file that defines all the routes accessible by poster only. Then, using the value set in the user_role cookie, access should be determined accordingly.