updated stop.ts so it checks for user rights instead of the SYSTEM flag which can possibly cause some unnecessary complications when it comes to instance management
*also has been tested with multiple tokens to be sure that this does NOT permit normal users to POST to the /stop API route
**NOTE**: instance owners will have to re-run `npm run setup` for these changes to take effect