Add mechanism to approve reviewers

The vetting deployment will live on the public internet, but we only want to allow certain users to vet the recording files. We need to add some sort of mechanism to support this.

One suggestions was an intermediate model with a foreign key to `User` and a boolean column `approved`. Authorization flow should check the `approved` column for each user.