Update file members.md

What does this MR do and why?

The update restricts access to the API endpoint for billing permissions to users with the Owner role only. Also links it to billing permissions for the reader

Why: Came across a customer who: "I used api as scope with maintainer as role but it came back with a 400". Shows that the documentation is unclear, which this will fix.