Configure admin interface for non-superusers

[thekaveman]

As an engineer, I want to:

• Create groups of non-superusers to assign permissions
• Allow groups to edit some model fields
• Make model fields read-only to some groups
• Make model fields invisible/not read or write to some groups
• Prevent deletion of model instances by all groups
• Automatically add certain users to certain groups upon login with Google SSO

As a non-superuser, I want to:

• Log in to the admin interface using an approved Google SSO domain
• View all models and model fields that I have permissions for
• Edit all models and model fields that I have permissions for
• Create new models when I have relevant permissions

Acceptance criteria

• At least 1 group exists: Cal-ITP for direct Cal-ITP Benefits staff
• All fields marked with Admin read permissions are not visible for non-superadmins / user groups
• All fields marked with Transit Agency or Cal-ITP read permissions are visible for Cal-ITP group members
• All fields marked with Admin write permissions are read-only for non-superadmins / user groups
• All fields marked with Transit Agency or Cal-ITP write permissions can be edited by Cal-ITP group members

Additional context

• Django admin feature: https://docs.djangoproject.com/en/5.0/ref/contrib/admin/
• Django ModelAdmin to customize models in the admin interface: https://docs.djangoproject.com/en/5.0/ref/contrib/admin/#modeladmin-objects
• Benefits admin configuration spreadsheet detailing field-level read/write permissions