Add permissions to keys

[thefinn93]

Currently all API keys have permission to do everything. We could make fine grained permission controls for each endpoitn pretty easily