bufferoverflow / verdaccio-gitlab

private npm registry (Verdaccio) using gitlab-ce as authentication and authorization provider
MIT License

Factorized the code for allow_access and allow_publish #101

Closed Telokis closed 4 years ago

Telokis commented 4 years ago

Closes #100

This PR aims to fix the security issues the current allow_access implementation has.
Anybody can access any package as long as he is authenticated.
Instead of just fixing this issue, the new branch completely merges the behavior of allow_access and allow_publish by introducing a generic allow_action function that is used by both of them.
The new behavior allows users to specify $authenticated and $all/$anonymous for both publish and access.
It also introduces a new meta-group: $owned-group (This name could change before the release). This meta-group represents a permission where the user can only perform the action on a package where he has publishLevel permission in Gitlab. This is the current behavior for publish.
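As an added example, not code from the verdaccio-gitlab project, a generic allow_action check of the kind this PR describes, shown beside the old access rule it replaces (any authenticated user may access any package). The user and package shapes (user.name, user.real_groups, pkg.access, pkg.publish), the helper names, and the rule that a package's owner group is its npm scope or leading path segment are assumptions.

```javascript
// Added example, not verdaccio-gitlab's own code. Models the PR's idea:
// one allow_action check used for both access and publish, with the
// meta-groups $all/$anonymous, $authenticated and $owned-group.
// Assumption: user.real_groups holds the GitLab groups where the user has
// publish-level permission, which is what $owned-group is checked against.

const ALL = '$all';
const ANONYMOUS = '$anonymous';       // the PR pairs this with $all
const AUTHENTICATED = '$authenticated';
const OWNED_GROUP = '$owned-group';   // name may still change, per the PR

// Old behaviour the PR fixes: being logged in grants access to every package.
function allowAccessOld(user) {
  return Boolean(user.name);
}

// Owner group of a package: "@team/pkg" -> "team", "team/pkg" -> "team".
function packageGroup(pkgName) {
  const m = /^@?([^/]+)\//.exec(pkgName);
  return m ? m[1] : null;
}

// Generic check shared by access and publish. requiredGroups is the
// package's access or publish list from the Verdaccio config.
function allowAction(user, pkgName, requiredGroups) {
  const authenticated = Boolean(user.name);
  const userGroups = new Set(user.real_groups || []);
  for (const g of requiredGroups) {
    if (g === ALL || g === ANONYMOUS) return true;         // open to everyone
    if (g === AUTHENTICATED && authenticated) return true; // any logged-in user
    if (g === OWNED_GROUP && authenticated &&
        userGroups.has(packageGroup(pkgName))) return true; // owner group only
    if (g === user.name || userGroups.has(g)) return true; // explicit user/group
  }
  return false; // deny by default
}

function allowAccess(user, pkg) { return allowAction(user, pkg.name, pkg.access || []); }
function allowPublish(user, pkg) { return allowAction(user, pkg.name, pkg.publish || []); }

module.exports = { allowAccessOld, allowAction, allowAccess, allowPublish, packageGroup };
```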

Telokis commented 4 years ago

I updated the tests and the README (I took the liberty to incorporate and adapt the changes suggested by @slhck in #104 ).

Telokis commented 4 years ago

By the way, I didn't mention it but I think this should be a major release, it will break all existing configurations relying on $authenticated.

bufferoverflow commented 4 years ago

As said, if we add functionality for different access levels, people should be able to define the level of their choice for access and publish.

https://github.com/bufferoverflow/verdaccio-gitlab/pull/101#discussion_r365688342