Use Django's admin permissions during the CSV import view

Currently the CSV import functionality is only accessible to superusers, those administrators who have total permissions over a server. This is important to protect the integrity of the database, since obviously if any authenticated user has access to this view then they have permission to inject any data they wish directly into the database.

Django's own admin site implements a rich permissioning system, which we could plug into for better permissions. This wouldn't be too complicated, we'd need to use Django's has_perm on the model being imported, and also on any foreign keys that are implicated by the fields imported.

Nevertheless, I'm opening an issue for this instead of implementing it directly, because I suspect that at this stage it's effort/complexity that we don't need.