Implement permissions for agent catalog

After discussions we have come up with these permissions:

Catalog items (agents/flows etc)

• Create/update/delete: Maintainer+ of the project where the definition is stored
• View public items: Anonymous
• View private items: Developer+ of the project where the definition is stored

Project configured catalog items

• Create/update/delete: Maintainer+ of the project where the agent/flow is being configured
• View: Developer+ of the project where the agent/flow is being configured

We will need to:

• implement these permissions on the backend: !196886 (merged)
• start using these permissions in the backend: !197393 (merged)
• expose these permissions to the frontend (GraphQL?):
• consume/implement these permissions on the frontend