Group creation and validation

[io7m]

Users automatically have a group generated for them when their account is created. However, the explicit creation of arbitrarily named groups will require domain validation.

For example, when a user wants to use com.example.x, they will be required to prove that they own x.example.com. This can be achieved using the standard approach of trying to retrieve a token at x.example.com/.well-known/eigion-[some-value].

• [x] Database changes to hold requests
• [x] Admin API to inspect requests in progress
• [x] Service to execute domain checks
• [x] Domain check module
• [x] Public API to make group creation requests, check the status of requests, cancel requests, etc
• [x] Public API to invite a user into a group
• [x] Public API to accept or reject invites
• [x] Public API to grant a user a role in a group
• [x] Public API to leave a group

What roles should a user have upon founding a group? Presumably ... all of them.

• Yes, all roles.

How do users get into groups they don't own?

• A user with a given role has to invite them, and they can either accept or ignore the invite.
  • ~Users can't be invited to a user's "personal" group. This is going to require marking groups as personal.~

How do users get roles within a group?

• A user with role x (where x isn't FOUNDER) can grant x to any other user.

Given that new roles might be added in the future, how to users within groups get new roles?

• The FOUNDER role implies all other roles automatically, so the founder can grant new roles to users as needed.

[io7m]

Done.