/kind feature

Describe the solution you'd like
Right now the backend for both the new and old UIs does not perform any authorization checks and only relies on the permissions of the backend's ServiceAccount.

The backend should follow the architecture of the other backends kubeflow/dashboard#41 and use SubjectAccessReviews before making an action, to ensure it doesn't violate K8s RBAC permissions.

Anything else you would like to add:
We should enforce these authz checks at least for actions on Experiments and Trials. The tricky part will be the checks for ConfigMaps.

The app handles ConfigMaps for the TrialTemplates which, right now, only reside in the kubeflow namespace. IMO we shouldn't give permissions on users to edit/delete ConfigMaps in the kubeflow namespace. We had already started a discussion about having TrialTemplates reside in each namespace, and not in kubeflow #1546.

I think we have two options:

1. Postpone this effort until we've changed our UX to have TrialTemplates per namespace and not always in kubeflow namespace
2. Move forward but don't perform any authnz checks for ConfigMaps in the kubeflow namespace that have the TrialTemplate specific label

@andreyvelich @johnugeorge @gaocegege WDYT?