Currently, the user permission system is based on some flags and other data. First, the flag permission which should determine whether a user is allowed to vote for or against refund requests. Second, the external flag which should indicate whether the user is an internal member or not. Third, the active flag which should make disabling of user accounts temporarily possible. And lastly, the voucher_id reference that determines which internal user vouches for the given external user -- which kind of renders the external flag useless, at least in the current setup.
The goal should be to set up a better and more flexible permission system for different users. It should be easy to use in the server code as well as easy to understand, use and maintain by the clients.
This permission system does not necessarily need to be combined with the authentication question.
Since most clients currently use a privilege level system anyways, it would be a valid option to specify explicit privilege levels, for example as an enum with the following values:
DISABLED (aka the user was softly deleted and can't be used anyhow)
EXTERNAL
VOUCHED
INTERNAL
PERMITTED for users with permission=true, which currently implies active=true and external=false
optional SUPERUSER, if an action is performed by the server operator, e.g. via the CLI; then, this level could be used to allow some operation which would not be allowed otherwise
Those enums should be exposed to clients via static keywords in strings as well as integers, where DISABLED equals zero. This way, comparisons of the form privilege_level >= 3 are possible.
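The proposal above, sketched as an added example that is not part of the issue or the project's code: an ordered enum, a fail-closed mapping from the current flags, and strict parsing of the string or integer form a client sends. Only DISABLED = 0 comes from the comment; the other integer values (taken from the list order), the function names, and the handling of contradictory flags are assumptions.

```python
from enum import IntEnum
from typing import Optional, Union


class PrivilegeLevel(IntEnum):
    # DISABLED = 0 is from the proposal; the remaining integers are an
    # assumption that follows the order of the list in the comment.
    DISABLED = 0
    EXTERNAL = 1
    VOUCHED = 2
    INTERNAL = 3
    PERMITTED = 4
    SUPERUSER = 5  # never derived from stored flags or client input


def level_from_flags(active: bool, external: bool, permission: bool,
                     voucher_id: Optional[int]) -> PrivilegeLevel:
    """Map the legacy flags to one level, failing closed on odd combinations."""
    if not active:
        return PrivilegeLevel.DISABLED  # a disabled account wins over every other flag
    if external:
        # permission=True on an external user contradicts the stated invariant
        # (permission implies external=False), so it is ignored, not honoured.
        if voucher_id is not None:
            return PrivilegeLevel.VOUCHED
        return PrivilegeLevel.EXTERNAL
    return PrivilegeLevel.PERMITTED if permission else PrivilegeLevel.INTERNAL


def parse_level(value: Union[str, int]) -> PrivilegeLevel:
    """Accept the string keyword or the integer form; reject everything else."""
    if isinstance(value, bool):  # bool is an int subclass, so check it first
        raise ValueError("boolean is not a privilege level")
    if isinstance(value, int):
        return PrivilegeLevel(value)  # raises ValueError when out of range
    if isinstance(value, str) and value in PrivilegeLevel.__members__:
        return PrivilegeLevel[value]
    raise ValueError(f"unknown privilege level: {value!r}")


def is_allowed(level: PrivilegeLevel, minimum: PrivilegeLevel) -> bool:
    """Ordered check of the form level >= minimum; DISABLED never passes."""
    return level != PrivilegeLevel.DISABLED and level >= minimum
```
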