Authentication: add role support

Zauth has recently implemented roles (see https://github.com/ZeusWPI/zauth/pull/328).
Every board member has `bestuur` role. So you can check for this role to give admin rights.

An additional role `tab_admin` can also be created to give specific users admin rights.

So during authentication, you just need to add the `roles` scope and the roles will be included when fetching the user info.