RedHatInsights / mocks

Mock services for testing cloud.redhat.com applications

Allow users to be created with dynamic RBAC permissions and/or entitlements #2

Closed bsquizz closed 3 years ago

bsquizz commented 3 years ago

Currently the rbac and entitlements mocks return a pre-canned response no matter what user makes the incoming request.

Modify the code so that:

  1. A user can be created with specific entitlements/rbac permissions (i.e., a user's JSON stored in our tinydb should now have entitlements -- a list of entitlements for this user, and permissions -- a list of permissions for this user).
  2. The rbac and entitlements APIs should analyze the x-rh-identity header that comes in on API requests, extract the username and account_number, query our tinydb to find the matching user, and return the entitlements/permissions assigned to them.

There should also be default entitlements/permissions applied to each user if you did not specify them as there are now. These could be defined in config.py. If a user does NOT exist in the tinydb, we should probably by default return a 404 or 401 or whatever rbac/entitlements would normally return for an "invalid" identity. However, we can also provide a config option that allows the default permissions/entitlements to be returned even in cases where the user does not exist in our tinydb.
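A sketch of the lookup this issue describes, added here as an illustration and not code from the mocks repository. It assumes the x-rh-identity header is base64-encoded JSON with `identity.account_number` and `identity.user.username`; the `USERS` list stands in for the tinydb table, and the default values, the `ALLOW_UNKNOWN_USERS` option, the helper names and the 401/404 split are all hypothetical.

```python
import base64
import json

# Assumed defaults (the issue suggests config.py); values are constructed.
DEFAULT_ENTITLEMENTS = ["insights"]
DEFAULT_PERMISSIONS = ["inventory:hosts:read"]
ALLOW_UNKNOWN_USERS = False  # hypothetical config option

# Constructed stand-in for the tinydb user table.
USERS = [
    {"username": "alice", "account_number": "0000001",
     "entitlements": ["insights", "openshift"],
     "permissions": ["inventory:*:*"]},
    {"username": "bob", "account_number": "0000002"},  # no explicit lists
]

def parse_identity(header):
    """Return (username, account_number), or None if the header is malformed."""
    try:
        # validate=True rejects non-alphabet characters instead of skipping them.
        ident = json.loads(base64.b64decode(header or "", validate=True))["identity"]
        username = ident["user"]["username"]
        account = ident["account_number"]
    except (ValueError, KeyError, TypeError):  # bad base64, bad JSON, wrong shape
        return None
    if not isinstance(username, str) or not isinstance(account, str):
        return None
    return username, account

def lookup(header, allow_unknown=ALLOW_UNKNOWN_USERS):
    """Return (http_status, body) for an rbac/entitlements style request."""
    parsed = parse_identity(header)
    if parsed is None:
        return 401, {"error": "invalid identity header"}
    username, account = parsed
    # Match on BOTH fields so a username reused under another account
    # does not inherit the stored user's permissions.
    user = next((u for u in USERS if u["username"] == username
                 and u["account_number"] == account), None)
    if user is None:
        if not allow_unknown:
            return 404, {"error": "unknown user"}
        user = {}
    return 200, {
        "entitlements": user.get("entitlements", DEFAULT_ENTITLEMENTS),
        "permissions": user.get("permissions", DEFAULT_PERMISSIONS),
    }

def make_header(username, account):
    # Builds a constructed sample header for exercising lookup().
    doc = {"identity": {"account_number": account, "user": {"username": username}}}
    return base64.b64encode(json.dumps(doc).encode()).decode()
```

With the unknown-user option enabled, any well-formed header receives the default grants, so tests that are meant to exercise a denied or invalid identity need it left off.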

bsquizz commented 3 years ago

@john-dupuy offered to pick this up