Opened 15 years ago

Last modified 13 years ago

#92 accepted enhancement

fine grained access rights for clients: globals + per session options — at Initial Version

Reported by: Antoine Martin
Owned by: Antoine Martin
Priority: major
Milestone: 1.0
Component: Client
Keywords:
Cc:

Description

At the moment, if a client can log in then he can access everything.


We must change the way we store authorization keys from the current ssh style (one line per file in .shifter/client/authorized_keys - which should be in /server/ anyway) to a first-class object: ClientPermissions, saved as UUID.conf.


OTOH at minimum, we should have:

  • can_start_session
  • can_start_desktop
  • can_control_as_owner
  • can_control_as_actor
  • can_shadow_[local_display|vnc|nx]
  • can_tunnel_[sound|print|file]
  • can_grant_permissions
  • can_see_others_permissions


On login, we look it up and pass the permissions back to the user as part of the add_user command.
The ssh-add and local logins will grant all permissions automatically.


Some new session attributes (set on start and modifiable):

  • locked (only owner/actor can release it)

etc.


Some new commands:

  • set_session_attributes (and also overload start_session) to protect a session.
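
One way the ClientPermissions object described in this ticket could be loaded so that anything not explicitly granted is denied. This is an added example, not code from the ticket or the project. The `key = true|false` line syntax for UUID.conf, the method names and the sample file body are assumptions.

```python
import re
import uuid

# Flag names from the ticket's list, with the bracketed alternatives expanded.
PERMISSIONS = frozenset((
    "can_start_session", "can_start_desktop",
    "can_control_as_owner", "can_control_as_actor",
    "can_shadow_local_display", "can_shadow_vnc", "can_shadow_nx",
    "can_tunnel_sound", "can_tunnel_print", "can_tunnel_file",
    "can_grant_permissions", "can_see_others_permissions",
))
ENTRY = re.compile(r"(\w+)\s*=\s*(true|false)")  # assumed UUID.conf line syntax
# Constructed sample file body for one client.
SAMPLE = """\
can_start_session = true
can_shadow_vnc = true   # read-only helpdesk client
can_grant_permissions = false
"""

class ClientPermissions:
    def __init__(self, client_uuid, granted=()):
        # uuid.UUID() rejects non-UUIDs, so the file name cannot hold '/' or '..'
        self.uuid = str(uuid.UUID(client_uuid))
        self.filename = self.uuid + ".conf"
        unknown = set(granted) - PERMISSIONS
        if unknown:
            raise ValueError("unknown permissions: %s" % sorted(unknown))
        self.granted = frozenset(granted)

    @classmethod
    def all_granted(cls, client_uuid):
        # The ticket grants everything to ssh-add and local logins.
        return cls(client_uuid, PERMISSIONS)

    @classmethod
    def parse(cls, client_uuid, text):
        granted = set()
        for number, raw in enumerate(text.splitlines(), 1):
            line = raw.split("#", 1)[0].strip()
            entry = ENTRY.fullmatch(line)
            if line and (entry is None or entry.group(1) not in PERMISSIONS):
                raise ValueError("line %d: unrecognised entry" % number)
            if entry and entry.group(2) == "true":
                granted.add(entry.group(1))
        return cls(client_uuid, granted)

    def allows(self, permission):
        # Anything not explicitly granted, including unknown names, is denied.
        return permission in self.granted
```

A misspelled or unknown flag in the file raises an error instead of being silently ignored, so a typo cannot leave a client with more or fewer rights than the administrator intended without anyone noticing.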
