This is a major rework of the permissions system to enable various new
capabilities and clean up some of the oddities that were there.
Highlights:

- The concept of "admin" permission is removed. All permissions must be
  granted individually.
- Permissions can now be granted on a group-specific level, such as
  giving a user the ability to tag topics only in a specific group.
- Permissions can also be denied for a specific group (or all groups),
  enabling uses like "tag topics in all groups except ~music".
- Removed the two cases where "all permissions" were granted: users on
  themselves and the sender and recipient on messages. This was
  dangerous, we should always grant permissions explicitly.
- Eliminated all the granular permissions for changing a user's settings
  (which were all granted implicitly), and replaced with an overall
  "change_settings" permission.