Addresses a security vulnerability where the `/users/[:id]` route was accessible to users without
the necessary permissions. Adds middleware that protects that route so that only authenticated users
with the MANAGE_USERS and VIEW_WATCHLIST permissions can access other user's profile pages as
intended.
fix#569