Currently the result of `allowed?` is `boolean`. A nicer result type would provide a reasons why the check failed in the case of failure. This would enable lots of client side code to be removed in gitlab-org/gitlab, and would just be generally more useful.