eclipse-archived / smarthome

Eclipse SmartHome™ project
https://www.eclipse.org/smarthome/
Eclipse Public License 2.0

Support jCasbin as the authorization mechanism for RBAC & ABAC #5542

Closed veotax closed 6 years ago

veotax commented 6 years ago

jCasbin is an authorization library that supports models like ACL, RBAC, ABAC.

Related to RBAC, casbin has several advantages:

  1. roles can be cascaded, aka roles can have roles.
  2. supports resource roles, so users have their roles and resources have their roles too. role = group here.
  3. the permission assignments (or policy in casbin's language) can be persisted in files or database.
  4. multiple models like ACL, BLP, RBAC, ABAC, RESTful are supported.

And you can even customize your own access control model, for example, mix RBAC and ABAC together by using roles and attributes at the same time. It's very flexible.

I saw there's an issue that discusses which one is better, RBAC or ABAC, here: https://github.com/eclipse/smarthome/issues/579, but I think with jCasbin, you can always flexibly switch from one model to another, or use them together. It will save business logic developers from developing a complex security mechanism by themselves. And jCasbin also has Golang and PHP versions, which means you can use the same policy text and API in a cross-platform manner.
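
The cascaded roles and resource roles listed in the comment above, as an added example that is not part of the original comment and is not code from Eclipse SmartHome or jCasbin. The subject, role and resource names (`alice`, `bob`, `admin`, `operator`, `kitchen_lamp`, `lighting`) are constructed for illustration, and the jCasbin library is assumed to be on the classpath.

```java
import org.casbin.jcasbin.main.Enforcer;
import org.casbin.jcasbin.model.Model;

public class ResourceRolesExample {
    // Casbin model text: "g" maps users to roles (and roles to roles),
    // "g2" maps resources to resource groups. Everything not matched is denied.
    static final String MODEL = String.join("\n",
        "[request_definition]",
        "r = sub, obj, act",
        "[policy_definition]",
        "p = sub, obj, act",
        "[role_definition]",
        "g = _, _",
        "g2 = _, _",
        "[policy_effect]",
        "e = some(where (p.eft == allow))",
        "[matchers]",
        "m = g(r.sub, p.sub) && g2(r.obj, p.obj) && r.act == p.act");

    static void check(Enforcer e, String sub, String obj, String act) {
        System.out.printf("%s %s %s -> %s%n", sub, act, obj, e.enforce(sub, obj, act));
    }

    public static void main(String[] args) {
        Model model = new Model();
        model.loadModelFromText(MODEL);
        Enforcer e = new Enforcer(model); // no adapter: policy lives in memory only

        // Constructed policy: permissions are granted to roles on resource groups.
        e.addPolicy("operator", "lighting", "read");
        e.addPolicy("admin", "lighting", "write");
        // Cascaded roles: admin inherits everything operator has.
        e.addGroupingPolicy("admin", "operator");
        e.addGroupingPolicy("alice", "admin");
        e.addGroupingPolicy("bob", "operator");
        // Resource role: kitchen_lamp belongs to the lighting group.
        e.addNamedGroupingPolicy("g2", "kitchen_lamp", "lighting");

        check(e, "alice", "kitchen_lamp", "read");  // path: alice -> admin -> operator
        check(e, "alice", "kitchen_lamp", "write"); // path: alice -> admin
        check(e, "bob", "kitchen_lamp", "write");   // bob is only an operator
        check(e, "bob", "front_door", "read");      // front_door is in no group
    }
}
```

With a file or database adapter instead of the in-memory setup, the same `p`, `g` and `g2` rules are the persisted policy the comment refers to.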

sjsf commented 6 years ago

While this might be some valuable input for the implementation details of #579, I'm closing this as it doesn't make sense to have this as a standalone issue.

veotax commented 6 years ago

OK, I will leave comments under that issue.