* Enhance security and safety around user update API
- Prevent a regular user from promoting themself to admin
- Prevent an admin from demoting themself
- Refactor token fixture to admin + regular user tokens
* Restrict user CRUD API to admins
* Secure admin API routes
* Refactor APIrouter into Admin/UserAPIRouter
* Secure theme routes
* Make 'all recipes' routes public
* Secure favorite routes
* Remove redundant checks
* Fix public routes mistakenly flagged user routes
* Make webhooks changeable only by admin
* Allow users to create categories and tags
* Address lint issues
* fix favorite color issue
* db and models for comments
* rename files
* initial UI for comments
* fix format
* import / export
* fixes#428
* format
Co-authored-by: hay-kot <hay-kot@pm.me>
