The /roles endpoint exposes the list of all roles and their weights, as well as the list of all frameworkIds registered with each role. This is a superset of the information exposed on GET /weights, which we already protect. We should protect the data in /roles the same way.
- Should we reuse VIEW_FRAMEWORK with role (from /state)?
- Should we add a new VIEW_ROLE and adapt GET_WEIGHTS to use it?