Add roles for different user actions (permission groups)

[mihow]

Currently read, write & delete permissions are determined only by whether a user is a member or owner of a project (and or is_staff or superuser across the whole system)

Implementing roles means adding custom permission for certain actions like adding species identifications or importing data. A moth expert will likely have the ability to add species identifications in multiple projects, even if they can't edit other parts of the project.

Here are some notes about the potential roles / permission groups.

This will also require a user interface where project managers can update membership themselves (follow-up ticket, stay in the Django admin for now)

---

NOT IN PROJECT.MEMBERS()
Public browsing (anonymous user, not a member of any project)
Can view project data (if not private project)

YES IN PROJECT.MEMBERS()

Browsing role (no special permissions)
Can view private project data
Get email notifications about project

IN PERMISSION GROUP

Research role (login required)
Can trigger exports for downloading data
(could potentially export data from private projects they are a member of)

Identifier Role
Permission to make identifications
Allowed to update the Identifications model
Is member of the current identification’s Project
Current identification belongs to project that user is a member of

ML / Data manager role
Permissions to process images (run ML jobs)
Allowed to create a Job
Can delete occurrences

Project manager role
Setting up project, registering deployments (“stations”)
Permission to import/sync data
Adding cover images, writing public description of project
Managing project members