alter json api routes to require role: uploader

[jamestranovich-noaa]

What does this PR do? 🛠️

Alters the route such that the role uploader is required to access resources. Addresses #1659 -- we can still prevent GET but I'm feeling happier about this approach.

What does the reviewer need to know? 🤔

Note: depends on the previous JSON API PR

[greg-does-weather]

This is a really clean solution. I love it!

One small question, and up to you whether you want to do anything with it. Would it make sense to move this into the weather_cms module instead of the weather_login module? Code organization is a neverending, unsolvable problem so there's no right answer. We also have weather_routes that might make sense? We should probably get together as a team and define some basic boundaries for these modules, so we have a shared understanding of what they’re for and what kinds of things go in them.