[Feature] Provide a Firestore collection that propagates to custom claims

[davidhicks980]

It would be convenient to be able to write permissions to Firestore that propagate to user's custom claims, similar to this experimental extension.

This would make it easier to log users out when permissions change (via an onSnapshot listener), rather than having to refresh a user's ID token manually. Additionally, it would provide more visibility into user's current claims.

Thanks!

[davidhicks980]

Whoops - just realized this info does get propagated in the purchaser-info field