Template refactoring part 2 plus bonus permissions updates

[rebkwok]

The main aim of this PR was to move the logic about which buttons to show at the top of the request content (and whether to enable/disable them, show tooltips etc) out of the template and into the views.

We now build a content_buttons dict for each type of content that needs to display buttons (request, file, dir) and the template just needs to use that to determine whether to show buttons.

However, I also refactored the logic to make use of the permissions in permissions.py, and in doing so came across the odd permission that was only enforced at the view/template level, and the odd one that was missing - the main ones being:

• a user can't submit a review if there are no output files on the request (this was enforced in the view only, by disabling the submit-review button)
• a user can't submit a request with no output files (this was missing, we previously allowed requests with no output files, a leftover from the pre-turns era when users were able to withdraw files from a submitted request. This meant that a user could create a request with no files, or only supporting files, and it would be stuck in an un-reviewable, un-rejectable/returnable state)

[rebkwok]

This PR is mostly reviewable commit-by-commit, I think, but the last one is to split up the get_button_context function which had grown more than I liked, and it was just too fiddly to go back and rewrite it into the earlier commits.

There's a part 3 to this, to do similar refactoring to the workspace and code views/templates, but those should be less complicated.