API: Implement RBAC on c.rh.com

[chouseknecht]

It appears that we need to change how security works on c.rh.com.

Jira Issue: https://projects.engineering.redhat.com/browse/RHCLOUD-3671

Implementation doc: https://docs.google.com/document/d/1xQqgxkZgIQTHpfvBpH_2F2Rpm_ox-LJcZDl5gxeW2vs/edit

Contact: kriedese at redhat.com

[chouseknecht]

Will need to assess how this impacts our ability to detect that a user is a Partner Engineer.

[alikins]

looking

[chouseknecht]

Turns out we're not required to do this. There's no need for customers to define user roles within their org. The only permission thing we do in AH is assigning partner orgs to namespaces, giving users within that org access to publish collections.