Require refreshed login in (cookie, JWT) for sensitive CRUD routes

For end user actions such as payments, deletion of items, item addition etc, a fresh login token needs to be generated. We need to help the end user out by ensuring they are the ones actually making sensitive changes that, if done by someone that should not actually be authorized, would be harmful to the end user.