Improve permission handling

[b-rowan]

Improve permissions handling with string parsing.

Rules are as follows -

• * - Matches all at all levels.
• ! - Prefix, inverts the permission, and takes priority.
• foo - The name of a permission, just foo on its own grants all sub permissions for that value.
• foo.* - Same as foo.
• foo.bar - Grants bar permissions for foo endpoint.

For example, if an endpoint requires foo.bar.baz, valid user permissions are

• *
• foo
• foo.*
• foo.bar
• foo.bar.*
• foo.bar.baz

User permissions that will always be invalid are the inverted versions of this, so

• !*
• !foo
• !foo.*
• !foo.bar
• !foo.bar.*
• !foo.bar.baz

[b-rowan]

On second thought, leaving as a draft until #85 gets merged, so I can add docs on this.

[tsagadar]

Bit sad to switch from a "type-safe" approach to free form strings that can have typos. But ok for me.

[b-rowan]

Yeah it's not my favorite either, but I think this makes more sense for allowing plugins.

I could try to make this more type safe, maybe by having the nav register permissions, then checking if all user permissions match a valid pattern, but that could be a problem with plugins.

[github-actions]

filepath	function	$$\textcolor{#f14c4c}{\tt{failed}}$$	SUBTOTAL
$$\textcolor{#f14c4c}{\tt{tests/updater/controller/v1/test\_routes.py}}$$	$$\textcolor{#f14c4c}{\tt{test\_register\_device}}$$	$$\textcolor{#f14c4c}{\tt{1}}$$	$$\textcolor{#f14c4c}{\tt{1}}$$
$$\textcolor{#f14c4c}{\tt{tests/updater/controller/v1/test\_routes.py}}$$	$$\textcolor{#f14c4c}{\tt{test\_rollout\_full}}$$	$$\textcolor{#f14c4c}{\tt{1}}$$	$$\textcolor{#f14c4c}{\tt{1}}$$
$$\textcolor{#f14c4c}{\tt{tests/updater/controller/v1/test\_routes.py}}$$	$$\textcolor{#f14c4c}{\tt{test\_rollout\_signalling\_download\_failure}}$$	$$\textcolor{#f14c4c}{\tt{1}}$$	$$\textcolor{#f14c4c}{\tt{1}}$$
$$\textcolor{#f14c4c}{\tt{tests/updater/controller/v1/test\_routes.py}}$$	$$\textcolor{#f14c4c}{\tt{test\_rollout\_selection}}$$	$$\textcolor{#f14c4c}{\tt{1}}$$	$$\textcolor{#f14c4c}{\tt{1}}$$
$$\textcolor{#f14c4c}{\tt{tests/updater/controller/v1/test\_routes.py}}$$	$$\textcolor{#f14c4c}{\tt{test\_latest}}$$	$$\textcolor{#f14c4c}{\tt{1}}$$	$$\textcolor{#f14c4c}{\tt{1}}$$
$$\textcolor{#f14c4c}{\tt{tests/updater/controller/v1/test\_routes.py}}$$	$$\textcolor{#f14c4c}{\tt{test\_latest\_with\_no\_software\_available}}$$	$$\textcolor{#f14c4c}{\tt{1}}$$	$$\textcolor{#f14c4c}{\tt{1}}$$
$$\textcolor{#f14c4c}{\tt{tests/updater/controller/v1/test\_routes.py}}$$	$$\textcolor{#f14c4c}{\tt{test\_pinned}}$$	$$\textcolor{#f14c4c}{\tt{1}}$$	$$\textcolor{#f14c4c}{\tt{1}}$$
$$\textcolor{#f14c4c}{\tt{tests/updater/controller/v1/test\_routes.py}}$$	$$\textcolor{#f14c4c}{\tt{test\_up\_to\_date}}$$	$$\textcolor{#f14c4c}{\tt{1}}$$	$$\textcolor{#f14c4c}{\tt{1}}$$
$$\textcolor{#f14c4c}{\tt{TOTAL}}$$		$$\textcolor{#f14c4c}{\tt{8}}$$	$$\textcolor{#f14c4c}{\tt{13}}$$