Restricted user access

[Winston-Hsiao]

add is_restricted as a UserPermission literal type in store/app/model.py, if this is set on a user, the user can no longer interact with core/abusable features on the site. Examples include (posting a listing/uploading images etc, would wan't to prevent a user from spam posting/uploading).

is_restricted can be set manually via some db management interface or, by implementing flags for suspicious behavior on the site.

Restrictions should be implemented both client side and in backend api calls.

1. if user has is_restricted permission disable buttons, and potentially disable various nav/page renders (could redirect/display to the user that their account has been restricted and to contact support)
2. various backend api routes should check if user is_restricted before allowing CRUD operation

Should also look into potential rate limits for various CRUD operations to prevent abuse.