fix: respect upload and directory listing permissions

[fsbraun]

Description

This PR fixes a security issue: A staff user without any permissions

• Can browse the filer folder structure
• List files in a folder
• Add files
• Move files and folders

Thanks to Akshar Tank for reporting this issue.

Fix

This fix enforces the following permissions

• can_use_directory_listing
• change_folder
• add_folder
• add_file(also for drag&drop upload)

Desired side effects

• Users need to have the permission add_file to upload files
• Users need to have the permission can_use_directory_listing to browse the filer folders

• Related resources

• ...

• ...

Checklist

• [x] I have opened this pull request against master
• [x] I have added or modified the tests when changing logic
• [x] I have followed the conventional commits guidelines to add meaningful information into the changelog
• [x] I have read the contribution guidelines and I have joined #workgroup-pr-review on Slack to find a “pr review buddy” who is going to review my pull request.

[codecov[bot]]

Codecov Report

Merging #1352 (9f439a9) into master (34803bc) will decrease coverage by 0.05%. The diff coverage is 100.00%.

@@            Coverage Diff             @@
##           master    #1352      +/-   ##
==========================================
- Coverage   72.39%   72.35%   -0.05%     
==========================================
  Files          72       72              
  Lines        3268     3277       +9     
  Branches      532      534       +2     
==========================================
+ Hits         2366     2371       +5     
- Misses        735      739       +4     
  Partials      167      167              

Impacted Files	Coverage Δ
filer/admin/clipboardadmin.py	94.11% <100.00%> (+0.67%)	:arrow_up:
filer/admin/folderadmin.py	71.94% <100.00%> (+0.08%)	:arrow_up:
filer/models/filemodels.py	85.20% <100.00%> (-1.35%)	:arrow_down:
filer/models/foldermodels.py	85.99% <100.00%> (-0.49%)	:arrow_down: