Split up permissions for VM definition

[kartoffelheinz]

It'd be awesome to have more granular permissions for VM Definition tab. Since we need to provide Archipel to customers that are not allowed to change anything on the Definition tab, but need to be able to change some things.

It is not necsessary to split up any action you can take into a separate permission (althought it would make sense from my perspective), but atleast split up the "usual suspects" that customers might want to change and are not affecting other systems, i.e.:

• Change of system architecture
• Change of boot order
• Change life cycle
• Enable/Disable VNC
• Change of virtual media, especially cd/dvdrom images

[primalmotion]

This is accepted, but this is not trivial. It needs hard work on the agent side as at the moment, we don't make any distinction about parameters sent into definition. It may take a while to be implemented

[CyrilPeponnet]

Renamed as split permissions token when defining VM.

Avoid implementing security in the UI as a fake crafted iq stanza could be send.