this makes it so if a user requests a page (not API route) and isn't
signed in, it automatically redirects them to the sign in page (doesn't
show a flash of the error page)
SSR was causing weird issues where error pages would flash because the
user wasn't logged in. I'm disabling it for now, but I will eventually
look into ways to fix the issue and re-enable it.
Object storage now works fully, with the permission system. It still
needs additional external endpoints for updating and deleting objects
from the API, but it is otherwise complete. Further tasks include
writing an S3 adapter.
