Move @RequiredPermission from the controllers to the service implementations #2834

@ocielliottc

Is your feature request related to a problem? Please describe.
As we move away from requiring the ADMIN role to individual permissions, we have been placing @RequiredPermission on the controller methods to restrict access of users to specific functionality. The problem is this leaves the services open to cross-service calls that will not be restricted since restriction is currently on the controllers.

Describe the solution you'd like
We need to move the @RequiredPermission annotations to the services so that all permissions are honored regardless of where the call was initiated.

Additional context
See #2832 for more info.
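
The gap described in this issue, as an added example that is not the project's code: a permission check placed on the service interface is enforced even when the call comes from another service instead of a controller. The `RequiredPermission` annotation below is a hypothetical stand-in, and `ReportService`, `DigestService`, `callerPermissions` and the permission name `CAN_VIEW_REPORTS` are constructed for illustration.

```java
import java.lang.annotation.*;
import java.lang.reflect.*;
import java.util.Set;

public class ServiceLevelPermissionDemo {
    // Hypothetical stand-in for the project's @RequiredPermission annotation.
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.METHOD)
    @interface RequiredPermission { String value(); }

    interface ReportService {
        @RequiredPermission("CAN_VIEW_REPORTS") // constructed permission name
        String loadReport(String id);
    }
    interface DigestService { String buildDigest(String id); }

    // Permissions of the current caller; a real app reads these from its security context.
    static Set<String> callerPermissions = Set.of();

    // Wraps a service so every call through its interface is checked, whoever the caller is.
    @SuppressWarnings("unchecked")
    static <T> T secured(Class<T> api, T target) {
        InvocationHandler h = (proxy, method, args) -> {
            RequiredPermission rp = method.getAnnotation(RequiredPermission.class);
            if (rp != null && !callerPermissions.contains(rp.value())) {
                throw new SecurityException("missing permission " + rp.value());
            }
            try { return method.invoke(target, args); }
            catch (InvocationTargetException e) { throw e.getCause(); }
        };
        return (T) Proxy.newProxyInstance(api.getClassLoader(), new Class<?>[]{api}, h);
    }

    public static void main(String[] argv) {
        ReportService reports = secured(ReportService.class, id -> "report " + id);
        // DigestService carries no permission of its own and calls ReportService directly:
        // the cross-service path that a controller-only check never sees.
        DigestService digest = id -> "digest of " + reports.loadReport(id);

        callerPermissions = Set.of("CAN_VIEW_REPORTS");
        System.out.println(digest.buildDigest("42"));   // permitted caller
        callerPermissions = Set.of();
        try {
            digest.buildDigest("42");                    // same path, no permission
        } catch (SecurityException e) {
            System.out.println("denied: " + e.getMessage());
        }
    }
}
```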
