RBAC: CLI interface

[leovalais]

Description and goal

Refs #8171

Implement a CLI interface to ease role management.

CLI:

• editoast roles add SUBJECT ROLE [ROLE+]
• editoast roles remove SUBJECT ROLE [ROLE+]
• editoast roles list SUBJECT
• editoast roles list-roles

where:

• SUBJECT can be either a subject id (u64) or a user identity as provided by the gateway (String)
• ROLE is a builtin role identifier
• list-roles lists the builtin roles tag

Acceptance criteria

The commands are implemented.

Note

There will be a CLI to manage users and groups as well. Subject IDs will be obtainable from there.

[flomonster]

• Why using authz in the cmd?
• Since we removed the application role only builtin should be listed and use
  • Special case: admin and superuser both grant all builtin roles to the subject
• We should have a command to list groups
• We should have a command to add a user to a group

[leovalais]

Why using authz in the cmd?

Just to scope things. I'll remove it.

Special case: admin and superuser both grant all builtin roles to the subject

The more I think about it, the more fitting a builtin role Superuser or Admin that short-circuits all checks looks to me. This way we won't have to deal with migrations or the mutual-exclusiveness of builtin roles.

We should have a command to list groups
We should have a command to add a user to a group

The other half is there: #8754