Add limits to number of custom roles

Background

We should add a limit to the number of custom roles each top level group can have.

Maybe start with 10 per group? Just to make sure nobody creates tons of custom roles.

This is especially important for SaaS performance.

Variables

Self-Managed: Not as much of a concern, if they create a ton and run into performance issues, it would be on the customer to manage performance

SaaS: Creating a large number of roles increases lookups and could affect performance for others

❓ Do we allow duplicate custom roles? Ex: Guest +2 permissions, but named "Y" in one case and "Z" in another

❓ Do we want to enforce this for both SaaS and self-managed, or just one?

Proposal

• Allow a max of 15 custom roles per top level group
• Base roles do not count against the limit
• Self Managed and Saas, or just SaaS? (open question)
• User receives error message when trying to add 16th custom role