add user authorization using jwt groups claim #1259

Draft
markendr wants to merge 2 commits into clowder-framework:main from markendr:keycloak-authorization

@markendr

Use keycloak/jwt groups claim for Clowder access control. Users without claim should have no access. Updates include

  • add auth_role setting to backend config
    • to add a role, assign to users, and add groups mapper to keycloak:
      1. click Manage realms -> clowder
      2. click Realm roles -> Create role
      3. enter Role name: clowder2
      4. click User -> required user -> Role mapping
      5. click Assign role -> Realm role -> clowder2
      6. click Client scopes -> roles -> Mappers -> Add mapper -> From predefined mappers
      7. select and add the "groups" predefined mapper
  • update get_token method to check jwt groups claim if auth_role is set
  • add VSCODE.md for running Clowder frontend and backend in VS Code IDE

Issues

  • update throws authorization error preventing users from viewing datasets, but users without claim can still create new datasets
  • should also include an auth_role for clowder admin, or edit vs view

Does existing user authorization status need to be checked and updated in clowder db with the get_token call, or via authorization and/or users routers?
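
Added example, not part of this pull request or the Clowder code base: one way to make the groups-claim check fail closed and apply it to both the view and the create path, which is the gap listed under Issues. It assumes the claims dict comes from a token whose signature and expiry were already verified; `has_auth_role`, `require_auth_role`, `Forbidden` and the two handlers are hypothetical names, and the claim sets are constructed.

```python
import functools
from typing import Any, Callable, Mapping, Optional

AUTH_ROLE: Optional[str] = "clowder2"  # stand-in for the auth_role setting

class Forbidden(Exception):
    """Token does not carry the required role."""

def has_auth_role(claims: Mapping[str, Any], auth_role: Optional[str]) -> bool:
    """Decide access from already-verified JWT claims; fail closed."""
    if not auth_role:
        return True  # auth_role unset: the check is skipped, as the PR describes
    groups = claims.get("groups")
    # Accept only a list. A bare string would turn `in` into a substring
    # test, so "clowder2-readonly" would satisfy "clowder2".
    if not isinstance(groups, list):
        return False
    return any(isinstance(g, str) and g == auth_role for g in groups)

def require_auth_role(handler: Callable[..., Any]) -> Callable[..., Any]:
    """Wrap a handler so read and write paths share one check."""
    @functools.wraps(handler)
    def wrapper(claims: Mapping[str, Any], *args: Any, **kwargs: Any) -> Any:
        if not has_auth_role(claims, AUTH_ROLE):
            raise Forbidden("required role missing from groups claim")
        return handler(claims, *args, **kwargs)
    return wrapper

@require_auth_role
def view_dataset(claims, dataset_id):  # hypothetical handler
    return {"id": dataset_id}

@require_auth_role
def create_dataset(claims, name):  # hypothetical handler
    return {"name": name, "creator": claims.get("preferred_username")}

# Constructed claim sets (not taken from a real token)
WITH_ROLE = {"preferred_username": "alice", "groups": ["clowder2"]}
NO_CLAIM = {"preferred_username": "bob"}
STRING_CLAIM = {"preferred_username": "eve", "groups": "clowder2-readonly"}

def is_allowed(handler, claims, arg) -> bool:
    """Return True if the wrapped handler runs, False if it is refused."""
    try:
        handler(claims, arg)
        return True
    except Forbidden:
        return False

if __name__ == "__main__":
    for c in (WITH_ROLE, NO_CLAIM, STRING_CLAIM):
        print(c["preferred_username"], is_allowed(view_dataset, c, "d1"),
              is_allowed(create_dataset, c, "new"))
```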
