Access control for runtime configuration

Currently, all runtime configuration is gated behind the `admin` role. This is a good default, but it would be better to be more granular, and allow eg. moderators to configure certain things too.

Read and write permissions need to be separated. For example, any user should be able to read a theme colour configuration. Only moderators or admins should be able to change it.