Timesheet API: Data Validation for updateTimesheets endpoint

[izzyconner]

This serves as a clean-up for any and all data validation we need for admin, supervisor, and associate updateTimesheet endpoint(s)

• Add in an editing lock system that will write in a userId when a timesheet is being edited by a certain role/user, and will prevent others from editing while it's locked
• Only allow whitelisted attributes to be modified from the timesheet - they should not be able to overwrite certain fields such as the timesheetID, the startDate, etc.
• For Associate Supervisor and Admin fields, they should only be able to update these attributes if they are the relevant person for each. I.e. Associate should only be modified if they are the employee