registry api permissions inconsistent

The permissions for the registry api seem inconsistent.

For example:

delete ':id/registry/repositories/:repository_id/tags/:tag_name' deletes a single tag and be done as a developer. Notice that given gitlab-ce#21405 it will also delete the image and all related tags.

delete ':id/registry/repositories/:repository_id/tags' deletes tags in bulk and expects you to delete all tags for a single image (effectively the same as the previous call), but can only be performed as a maintainer.

I believe this is an inconsistency, they should both have the same permission, either maintainer or developer.

/cc @trizzi