dropbox / nsot

Network Source of Truth is an open source IPAM and network inventory database
https://nsot.readthedocs.io

New setting to toggle whether new auth_header users should be superuser #283

Closed jathanism closed 7 years ago

jathanism commented 7 years ago

This adds a new setting called NSOT_NEW_USERS_AS_SUPERUSER which defaults to True, to toggle whether users coming in via the auth_header method (proxy authentication) are created with superuser permissions.

If toggled to False, new users are not given superuser and it will be expected that custom permissions will be utilized to control admin privileges.

This also updates the API permissions validation from requiring "staff" permissions to requiring model permissions. For existing users and default behaviors, there is no impact.

Since this has not changed any of the default behavior, no new unit tests have been introduced at this time. This change is laying the groundwork for a future release where we'll change the default permissions to be more granular and we'll implement legit testing of the permissions features at that time.

jathanism commented 7 years ago

Yeahhh I thought about that and the complexity in changing the settings on the mock server is more than I have patience for at this very moment. But before I land this I'll make sure I'm not just being lazy.

nickpegg commented 7 years ago

Maybe you short-circuit the settings complexity by using the mock package in that particular test?

I gave that comment not knowing the complexity of messing with settings variables, so don't worry about it if it's a big undertaking.
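The toggle described in this pull request and the mock-based test suggested in the comments, as an added sketch that is not NSoT's own code. The `settings` object, the in-memory `USERS` table, the helper names, and the `add_device` permission are hypothetical stand-ins for the Django pieces; only the setting name `NSOT_NEW_USERS_AS_SUPERUSER` and its default of `True` come from the thread.

```python
from types import SimpleNamespace
from unittest import mock

# Hypothetical stand-in for the Django settings module; default taken from the PR.
settings = SimpleNamespace(NSOT_NEW_USERS_AS_SUPERUSER=True)

USERS = {}  # constructed in-memory user table: email -> user record


def get_or_create_proxy_user(email):
    """Return the user for a proxy-supplied identity, creating it on first sight.

    Assumption: the setting is consulted only at creation time, so users that
    already exist keep whatever flags they were created with.
    """
    user = USERS.get(email)
    if user is None:
        user = SimpleNamespace(
            email=email,
            is_superuser=settings.NSOT_NEW_USERS_AS_SUPERUSER,
            permissions=set(),
        )
        USERS[email] = user
    return user


def can_write(user, model_perm):
    """Model-permission check: superusers pass, others need an explicit grant."""
    return user.is_superuser or model_perm in user.permissions


def check_default_and_toggled():
    """Exercise both values of the setting, patching it only for the toggled case."""
    USERS.clear()
    default_user = get_or_create_proxy_user("admin@example.com")
    with mock.patch.object(settings, "NSOT_NEW_USERS_AS_SUPERUSER", False):
        new_user = get_or_create_proxy_user("ops@example.com")
        same_user = get_or_create_proxy_user("admin@example.com")
    denied = can_write(new_user, "add_device")   # no grant yet
    new_user.permissions.add("add_device")       # hypothetical permission name
    granted = can_write(new_user, "add_device")
    return {
        "default_superuser": default_user.is_superuser,
        "toggled_superuser": new_user.is_superuser,
        "existing_kept": same_user.is_superuser,
        "denied_before_grant": denied,
        "granted_after_grant": granted,
        "setting_restored": settings.NSOT_NEW_USERS_AS_SUPERUSER,
    }
```

Patching the attribute inside a `with` block restores the default on exit, so the other tests in the suite still see `True`.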