Revisit authorization of protected endpoints #155
Description
Some of the admin endpoints and those used by dashboard should be accessible only by admins who are logged in. Code in backend/middleware/auth.js makes use of jwt token returned upon successful authentication. We should use it consistently for all endpoints that need protection.
Currently, questionnaire answers are posted by users who are not authenticated. We should come up with a mechanism to validate these are legitimate requests from our UI.