Hosting permissions aren't correct

[vtbassmatt]

Currently the can_view permission is completely unused. Also, haven't tested whether the can_edit/can_host split is fully correct.

[vtbassmatt]

And actually, the whole thing is ill-designed. It's not clear what happens if there are two GameHostPermissions objects with different bits set, for example. And the answer probably differs depending on exactly how the view access things 😭

Much better to switch to https://docs.djangoproject.com/en/4.1/topics/auth/default/#permissions-and-authorization

[vtbassmatt]

With the move to django-guardian, the right primitives are in place. To do:

• [ ] Make sure view_game vs host_game vs change_game is universally employed and correct
• [x] Make sure that add_game is respected
• [x] Make sure that new users get appropriate permissions on creation
• [ ] Nice to have: in-app way to grant view/host/edit permissions to other users? (I don't need this but maybe someone will)