Details
- Bug
- Status: Resolved
- Major
- Resolution: Fixed
- 0.27.0
- None
- Mesosphere Sprint 29
- 3
Description
When frameworks reserve resources, the validation of the operation ensures that the role of the reservation matches the role of the framework. For the case of the /reserve operator endpoint, however, the operator has no role to validate, so this check isn't performed.
This means that if an ACL exists which authorizes a framework's principal to reserve resources, that same principal can be used to reserve resources for any role through the operator endpoint.
We should restrict reservations made through the operator endpoint to specified roles. A few possibilities:
- The object of the reserve_resources ACL could be changed from resources to roles
- A second ACL could be added for authorization of reserve operations, with an object of role
- Our conception of the resources object in the reserve_resources ACL could be expanded to include role information, i.e., disk(role1);mem(role1)
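
The gap described above and the first proposed option (role as the ACL object), as a simplified Python model added here for illustration. This is not Mesos code: the class, the function names, and the sample principals and roles are hypothetical and constructed.

```python
# Simplified model of the reserve authorization gap; not Mesos code.
# All names and sample values below are hypothetical / constructed.
from dataclasses import dataclass

ANY = "*"  # stands in for an ACL object that matches anything


@dataclass(frozen=True)
class ReserveAcl:
    principals: frozenset                # subjects allowed to reserve
    roles: frozenset = frozenset({ANY})  # proposed object: roles they may reserve for


def _matches(allowed, value):
    return ANY in allowed or value in allowed


def framework_reserve_ok(acls, principal, framework_role, reservation_role):
    """Framework path: validation ties the reservation role to the framework's role."""
    if reservation_role != framework_role:
        return False
    return any(_matches(a.principals, principal) for a in acls)


def endpoint_reserve_ok_current(acls, principal, reservation_role):
    """Operator endpoint as described: there is no role to compare against,
    so reservation_role is never consulted and only the principal is checked."""
    return any(_matches(a.principals, principal) for a in acls)


def endpoint_reserve_ok_role_scoped(acls, principal, reservation_role):
    """Proposed option: the ACL names roles, so the endpoint check is role-aware."""
    return any(
        _matches(a.principals, principal) and _matches(a.roles, reservation_role)
        for a in acls
    )


# Constructed ACLs: the same principal, without and with a role-scoped object.
ACLS_CURRENT = [ReserveAcl(principals=frozenset({"framework-a"}))]
ACLS_SCOPED = [ReserveAcl(frozenset({"framework-a"}), frozenset({"role1"}))]

if __name__ == "__main__":
    # "framework-a" is registered with role1 and asks to reserve for role2.
    print("framework path:", framework_reserve_ok(ACLS_CURRENT, "framework-a", "role1", "role2"))
    print("endpoint, current:", endpoint_reserve_ok_current(ACLS_CURRENT, "framework-a", "role2"))
    print("endpoint, role-scoped:", endpoint_reserve_ok_role_scoped(ACLS_SCOPED, "framework-a", "role2"))
```
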