@Didayolo Didayolo commented Apr 22, 2025

Description

Adding permissions to prevent any user from bulk downloading any submissions using the API.

Issues this PR resolves

A checklist for hand testing

Access the following URL:

http://localhost/api/submissions/download_many/?pks=["3", "12"]

Replace ["3", "12"] with a list of different submission IDs.

Check that the download works only if you are allowed to download all submissions; otherwise you should get a relevant error message ("You need to be logged in", "You are not allowed to download", etc.)

You should be able to download a submission only if:

  • You are the owner of the submission
  • You are the competition organizer of the competition that received the submission
  • You are a super-user of the platform

Checklist

  • Code review by me
  • Hand tested by me
  • I'm proud of my work
  • Code review by reviewer
  • Hand tested by reviewer
  • CircleCi tests are passing
  • Ready to merge
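
The access rule from the description above, written out as an all-or-nothing check for a bulk request. This is an added example, not code from this PR or from the project: it is framework-free Python, and the class names, function names, the `store` lookup and the HTTP status codes are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# All names below are hypothetical stand-ins, not the project's models.
@dataclass(frozen=True)
class User:
    id: int
    is_superuser: bool = False

@dataclass(frozen=True)
class Submission:
    id: int
    owner_id: int
    organizer_ids: frozenset  # organizers of the competition that received it

class DownloadDenied(Exception):
    def __init__(self, status: int, message: str):
        super().__init__(message)
        self.status = status  # assumed HTTP status for the error response

def can_download(user: User, sub: Submission) -> bool:
    """The three conditions listed in the PR description."""
    return user.is_superuser or sub.owner_id == user.id or user.id in sub.organizer_ids

def authorize_bulk_download(user: Optional[User], pks, store: dict) -> list:
    """Return the submissions to package, or raise before any file is read.

    The check is all-or-nothing: one forbidden or unknown ID rejects the
    whole request, so a mixed list cannot be used to pull extra files.
    """
    if user is None:
        raise DownloadDenied(401, "You need to be logged in")
    try:
        wanted = list(dict.fromkeys(int(pk) for pk in pks))  # strings in, deduplicated
    except (TypeError, ValueError):
        raise DownloadDenied(400, "Invalid submission ID") from None
    found = [store[pk] for pk in wanted if pk in store]
    # Unknown and forbidden IDs get the same answer, so the endpoint does
    # not reveal which submission IDs exist.
    if len(found) != len(wanted) or not all(can_download(user, s) for s in found):
        raise DownloadDenied(403, "You are not allowed to download")
    return found

# Constructed sample data: user 1 owns #3, user 2 owns #12, user 9 organizes both.
STORE = {
    3: Submission(3, owner_id=1, organizer_ids=frozenset({9})),
    12: Submission(12, owner_id=2, organizer_ids=frozenset({9})),
}
```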

@Didayolo
Member Author

Post-it: need to check also the bulk download from "Submissions" organizer interface

@ObadaS
Collaborator

ObadaS commented Apr 23, 2025

I have tested it locally and everything is working correctly.
I tested as Site Admin, Organizer and a normal User. I do get error messages when I try to download submissions that I do not have access to when I am an Organizer or a normal user.

@Didayolo Didayolo merged commit 78f5a76 into develop Apr 23, 2025
1 check passed
@Didayolo Didayolo deleted the fix-download-permission branch April 23, 2025 16:02
Development

Successfully merging this pull request may close these issues.

Anyone can download others’ submissions without any permission checks